Tag: Cybersecurity Threat Advisory
Cybersecurity Threat Advisory: Exim Mail Transfer Agent Actively Exploited by Russian
Advisory Overview According the NSA, Russian military cyber actors have been exploiting a vulnerability in Exim mail transfer agent (MTA) software in Unix-based systems. The vulnerability could allow hackers to execute commands with root privileges. SKOUT recommends updating Exim to...
Cybersecurity Threat Advisory: Office 365 MFA Bypass Phishing Attack
Advisory Overview A new type of Office 365 Phishing attack uses the legitimate Microsoft login page to bypass multi-factor authentication. The attack grants certain permissions to threat actors, compromising the target user’s account and its data. SKOUT advises businesses to...
Cybersecurity Threat Advisory: Microsoft Teams Account Takeover Vulnerability
Advisory Overview Unpatched versions of Microsoft Teams are potentially vulnerable to an account takeover attack using GIF files or links. SKOUT advises updating Microsoft teams to the latest version. In addition, organizations should review access control, phishing training, and social...
Cybersecurity Threat Advisory: Office 365 Security Recommendations from CISA
Advisory Overview The United States Cybersecurity and Infrastructure Security Agency (CISA) released an alert detailing possible security risks in Office 365 and ways to mitigate them. CISA mentions that security risks may be amplified due to the rapid movement to...
Cybersecurity Threat Advisory: Sophos Firewall Zero-Day (CVE-2020-12271)
Advisory Overview Unpatched versions of Sophos XG Firewalls are potentially vulnerable to SQL Injection attacks. Sophos pushed out an automatic update, but some devices may need to be manually patched or rebooted for the changes to take effect. Specific guidance...
Cybersecurity Threat Advisory: Hackers Still Exploiting COVID-19
Advisory Overview Hacking groups are still exploiting the COVID-19 pandemic as an opportunity to perform cyber-attacks. The United States’ CISA and the United Kingdom’s NCSC teamed up to issue a joint alert to the top threats. Recommendations are focused on...
Cybersecurity Threat Advisory: RagnarLocker Ransomware Hits EDP Energy Giant
Advisory Overview Energy giant EDP was recently hit with RagnarLocker ransomware. The hacking group claiming responsibility is threatening to leak 10 TB of stolen data online, including personal information such as a password manager database if a ransom of almost...
Cybersecurity Threat Advisory: Maze Ransomware Hits Cognizant
Advisory Overview Cognizant was recently hit by the Maze ransomware. Maze is known for publicly shaming companies by leaking their data online until they pay a ransom, limiting the efficacy of backups in mitigating damage. The exact attack vector is...
Cybersecurity Threat Advisory: Hackers Targeting Microsoft SQL Servers
Advisory Overview A new brute force hacking campaign called “Vollgar” targets Microsoft SQL Servers with weak passwords. The campaigns installs a malicious payload to steal information, remote control, and hide its own activity. SKOUT has provided a link to a...
Cybersecurity Threat Advisory: Critical VMware Bug (CVE 2020-3952)
Advisory Overview There is a high severity vulnerability in VMware vCenter which could allow an attacker the ability to compromise all virtual machines on a server. The critical flaw scored a 10 out of 10 on the Common Vulnerability Scoring...
