CyberWatch

Could Your Browser Extension Leave You Vulnerable?

Posted by Mike Lehmberg on Jul 19, 2017 9:48:11 AM

Cisco has released an alert regarding a vulnerability in its Cisco WebEx browser extension for Google Chrome and Mozilla Firefox. This vulnerability allows an unauthenticated remote attacker to execute arbitrary code with the privileges of the affected browser on the system. The following releases are listed as vulnerable:

Topics: Vulnerability, Cisco, WebEx

New Fileless Ransomware Has the Ability to Go Undetected

Posted by Mike Lehmberg on Jun 29, 2017 11:36:07 AM

SOREBRECT, a recently discovered fileless ransomware, injects malicious code into a legitimate system process on the target system and then removes itself in order to evade antivirus detection. SOREBRECT has targeted enterprise systems in varying industries. Upon infection, files on the system are encrypted and the attackers are capable of running remote commands on the affected system. SOREBRECT can also scan the network for computers and open shares, and will encrypt files at those locations. Although it initially affected only systems in the Middle East, it has since spread throughout the globe. To mitigate any potential infection, it is strongly encouraged that you restrict users' write permissions on shared drives, keep systems up to date and have security mechanisms in place.

Topics: Ransomware, Critical

[UPDATE] The Latest Ransomware Attack That is Mimicking WannaCry

Posted by Mike Lehmberg on Jun 28, 2017 8:09:36 AM

[Update 6/29]

Indicators are now showing that, even though NotPetya disguises itself as ransomware, it actually works to lock the files permanently. Essentially, this is a cyber warfare tool that is being used to wipe the drive of the affected system, and there is no way to recover the files. It appears that this began in Ukraine and was potentially created and dispersed by Russia. We will continue to update as information becomes available.

Topics: Ransomware, Critical

The Latest Ransomware Attack That is Mimicking WannaCry

Posted by Mike Lehmberg on Jun 27, 2017 6:36:07 PM

Today, another global ransomware attack has struck several nations and is using the same exploit utilized by WannaCry: EternalBlue. Currently, there have been several thousand infections, which is comparable to WannaCry’s spread in its first several hours. If infected, the machine will display a black screen with red lettering demanding $300 worth of bitcoins. Currently there is no data on whether paying the ransom results in the decryption of your critical files.

Topics: Ransomware, Critical

How You Could Be Vulnerable to Recent North Korean Cyber Attacks

Posted by Mike Lehmberg on Jun 22, 2017 3:17:42 PM

The United States Computer Emergency Readiness Team (US-CERT), in a joint effort with the Department of Homeland Security (DHS), has been alerted to recent malicious actions of the North Korean government. The intended targets of this activity are the media, aerospace, financial and critical infrastructure sectors of the United States.

Topics: Vulnerability

UIWIX Ransomware/Adylkuzz Malware

Posted by Mike Lehmberg on Jun 21, 2017 2:43:59 PM

UIWIX Ransomware

Topics: Ransomware, Malware

HP Keylogger Vulnerability

Posted by Mike Lehmberg on May 17, 2017 11:47:46 AM

In 2015 HP released an audio driver on a number of systems that inadvertently acted as a keylogger. This could potentially allow a malicious individual to record critical information from a user’s keystrokes on these machines. HP has released a listing of systems that are affected by this:

Topics: Keylogger, HP

WannaCry Ransomware Update

Posted by Mike Lehmberg on May 17, 2017 11:47:26 AM

Reports are now showing that WannaCry Ransomware has affected 200,000 victims in 150 different countries. On Monday, experts expected the issue to escalate due to users returning to work following the initial attack. Microsoft released an emergency patch on Friday (5/12), but the attackers have now released a revised version of the ransomware.

Topics: Ransomware, Microsoft

WannaCry Ransomware

Posted by Mike Lehmberg on May 14, 2017 8:02:17 PM

In the last few days, over 75,000 ransomware attacks have occurred in 99 different countries. WannaCry is possibly one of the largest global cyber-attacks to date and has wreaked havoc on businesses around the world. This ransomware takes advantage of a vulnerability that Microsoft patched on Windows operating systems in March of this year.

Topics: Ransomware, Windows

Cisco WebEx Meetings Server Information Disclosure Vulnerability

Posted by Mike Lehmberg on May 12, 2017 3:04:08 PM

Recently, a vulnerability was found affecting the Cisco WebEx Meetings Server. This vulnerability could allow an unauthenticated remote attacker to gain information that could let them access scheduled customer meetings. The following releases have been identified as vulnerable:

Topics: Vulnerability, Cisco, WebEx