The Skybox View

Zero-Day Attack on Russia Prompts OOB Patches

December 7th, 2018 | Threat Intelligence

A targeted zero-day attack on Russia centered around a bug in Adobe Flash Player, but carried on the back of a malicious “mule” document, prompting both Adobe and Microsoft to release patches. The Zero-Day Attack on Russia: What Happened? In the early hours of November 29, 2018, a professional questionnaire issued by a Russian medical [...]

Bleedingbit Vulnerabilities Could Affect Enterprises Worldwide

November 8th, 2018 | Vulnerability & Threat Management

On November 1, 2018, researchers from Armis revealed two severe vulnerabilities known as Bleedingbit which could be used to carry out remote code execution attacks on enterprise firms worldwide. The Bleedingbit vulnerabilities impact Bluetooth low-energy chips built by Texas Instruments (TI) and are used in millions of Cisco and Aruba wireless access points (AP). Although [...]

Foreshadow Vulnerabilities Impact Siemens Products

October 16th, 2018 | Vulnerability & Threat Management

Foreshadow and its derivatives, which allow unintended reads of the most isolated and secure microprocessor memory, are as ubiquitous as modern Intel chips. Operational technology (OT) systems, including many in the Siemens industrial and automation portfolios, incorporate the vulnerable chips. Foreshadow Vulnerabilities and Timeline On August 14, 2018, Intel took part in the coordinated disclosure [...]

TSMC WannaCry Hits OT Plants with a Hefty Price Tag

October 8th, 2018 | Vulnerability & Threat Management

The TSMC WannaCry attack may feel like déjà vu, but it’s a lesson in vulnerability management. You may never have heard of Taiwan Semiconductor Manufacturing Company (TSMC), but you’ve probably used their product. TSMC is Apple’s sole wafer supplier. And in August, they got hit with a WannaCry nearly a year and a half [...]

Android API Vulnerability Exposes Sensitive Customer Information

September 10th, 2018 | Vulnerability & Threat Management

Researchers from Nightwatch Cybersecurity have discovered an Android API vulnerability (CVE-2018-9489) in the Google Android OS which exposes sensitive information about the user’s device to any app that’s installed on the phone — regardless of whether the app requires that data to function. The sensitive information passes via a system broadcast and includes the WiFi network [...]

Security Automation: Can it Fix What Ails Enterprises Cybersecurity Programs?

August 27th, 2018 | Security Automation

A report on our seminal security automation survey was released today with insights on how enterprises are already using automation, where they’re finding benefits and challenges and what’s been the impact to their business. The stats must have been swimming in my head as it seemed everywhere I turned in recent weeks, themes of automation, [...]

MikroTik Routers Infected in Mass-Scale Coinhive Cryptojacking Campaign

August 21st, 2018 | Threat Intelligence

A massive cryptojacking campaign that targets MikroTik routers and utilizes Coinhive was initially discovered on July 31 and has infected more than 200,000 routers worldwide. The Coinhive malware started spreading on routers in Brazil and later targeted MikroTik routers in other countries around the globe. MikroTik Infection Process and Exploit Method The infection exploited a [...]

Ransomware in India: the SamSam Ransomware and Beyond

August 15th, 2018 | Vulnerability & Threat Management

A Sophos survey shed light on the state of ransomware in India. It revealed that 67 percent of Indian respondents reported being hit by ransomware in the last year. Due to a number of factors, it’s likely Indian business will see an increase in cyberattacks in the near future. SamSam ransomware could be one of [...]

Oracle WebLogic Vulnerability Used for Cryptomining and Other Attacks

July 27th, 2018 | Threat Intelligence

A critical Oracle WebLogic vulnerability (CVE-2018-2893) is being utilized by attackers three days after the publication of a proof of concept. Since the sample exploit code was released, there has been a rise in its exploitation attempts. The vulnerability has received a "critical" severity level and a score of 9.8 out of 10 on the [...]

Cryptominers Surpass Ransomware as Most Widespread Cybercrime Malware

July 26th, 2018 | Vulnerability & Threat Management

Cryptominers have surpassed ransomware as the cybercriminal’s tool-of-choice in the first half of 2018. That’s according to the mid-year update to the Vulnerability and Threat Trends Report. The report is compiled by the Skybox Research Lab and includes security analyst research of the vulnerabilities, exploits and threats that are shaping the threat landscape. It explores trends observed [...]