Sage Advice - Cybersecurity Blog

Windows SMB Zero Day Exploit Threat Advisory

US-CERT released a warning on Thursday 2/2/2017 about a Microsoft Windows vulnerability caused by a memory corruption bug in the handling of SMB traffic. This vulnerability may allow a remote, unauthenticated attacker to cause a denial of service (crash or reboot) in a vulnerable system.

Topics: Threat Advisories

MSIL / Samas.A Ransomware Advisory

2016 has seen widespread use of a new type of ransomware known as MSIL / Samas.A. Attackers are actively scanning the Internet for vulnerable systems and exploiting those systems to gain access to the internal network. One tool being used is JexBoss, which discovers and exploits vulnerable JBoss servers.

Topics: Threat Advisories, Ransomware

Cisco ASA IKEv1 and IKEv2 Buffer Overflow Vulnerability Advisory

On February 10, 2016, details of a serious buffer overflow vulnerability were released by Cisco and Exodus Intelligence affecting the Cisco ASA software.

Topics: Threat Advisories

Sandworm Vulnerability Advisory

On October 14, 2014, iSIGHT Partners, along with Microsoft, reported a zero-day vulnerability impacting all supported versions of Microsoft Windows. The vulnerability was discovered being exploited “in the wild”.

Topics: Threat Advisories

SSL 3.0 Protocol Vulnerability Advisory – POODLE Attack

On October 14, 2014, a vulnerability in the SSL 3.0 protocol was publicly disclosed. The SSL 3.0 protocol is vulnerable to a padding-oracle attack when Cipher Block Chaining (CBC) is used. This attack is commonly called “POODLE” (Padding Oracle On Downgraded Legacy Encryption).

Topics: Threat Advisories, Malware

GNU Bourne Again Shell (BASH) “Shellshock” Vulnerability Advisory

On September 24, 2014, information regarding a critical UNIX-based operating system vulnerability was published. The vulnerability is being referred to as BASH BUG or SHELLSHOCK (CVE-2014-6271 and CVE-2014-7169 are the official references to this vulnerability). Organizations should patch the vulnerability as soon as expedient, given that there are reports of malicious scanning and active exploitation.

Topics: Threat Advisories