Sage Advice - Cybersecurity Blog

State-sponsored cyberattacks from national agencies or affiliates are a rising concern. Even though U.S. cyber-responses have become more prevalent, foreign hackers still pose a powerful threat, given the ever-changing threat landscape and heightened abilities of these adversaries.

US-CERT released a warning on Thursday 2/2/2017 about a Microsoft Windows vulnerability caused by a memory corruption bug in the handling of SMB traffic.  This vulnerability may allow a remote, unauthenticated attacker to cause a denial of service (crash or reboot) in a vulnerable system.

2016 has seen widespread use of a new type of ransomware known as MSIL / Samas.A. Attackers are actively scanning the Internet for vulnerable systems, and exploiting systems to gain access to the internal network. One tool being used is JexBoss, this tool discovers and exploits vulnerable JBoss servers.

On February 10, 2016, details of a serious buffer overflow vulnerability were released by Cisco and Exodus Intelligence affecting the Cisco ASA software.

On October 14, 2014 iSIGHT Partners along with Microsoft reported a zero day vulnerability impacting all supported versions of Microsoft Windows. The vulnerability was discovered being exploited “in the wild”.

On October 14, 2014 a vulnerability in the SSL 3.0 protocol was publicly disclosed. The SSL 3.0 protocol is vulnerable to a padding-oracle attack when Cypher Block Chaining (CBC) is used. This attack is commonly called “POODLE” (Padding Oracle On Downgraded Legacy Encryption).

On September 24, 2014, information regarding a critical UNIX - based operating system vulnerability was published. The vulnerability is being referred to as BASH BUG or SHELLSHOCK.  (CVE-2014-6271 and CVE-2014-7169 are the official references to this vulnerability). Organizations should patch the vulnerability as soon as expedient given that there are reports about malicious scanning and active exploitation.