Critical Palo Alto Firewall Vulnerabilities Identified

Avertium Threat Report

Palo Alto Firewall Vulnerabilities Overview This threat report covers a series of critical Palo Alto firewall vulnerabilities that affect several components of the software suite. The issues, of varying severity, are tracked as PAN-SA-2020-0005 (PAN-OS), PAN-SA-2020-0006 (PAN-OS), CVE-2020-2018, and CVE-2020-2005. These vulnerabilities affect either PAN-OS, Panorama, or the […]

Newly Discovered SolarWinds MSP Vulnerability Presents Nation State Threat

Avertium Threat Report

Overview of the SolarWinds MSP Vulnerability This threat report covers a recently discovered vulnerability in the SolarWinds MSP Patch Management Engine (PME). The vulnerability is noteworthy, but exploitation has so far only been demonstrated in a theoretical setting. The security community has assigned it the identifier CVE-2020-12608. A patch is available and can be pulled down […]

VMware ESXi Vulnerability Allows Malicious Code Injection

Avertium Threat Report

CVE-2020-3955 Overview This report covers a vulnerability in VMware ESXi tracked as CVE-2020-3955. The flaw is caused by improper validation of user-supplied input. It exists in VMware ESXi versions 6.5 and 6.7, and patches are available for both versions. The vulnerability resides in the Virtual Machine Attribute Viewer in […]

New Spear Phishing Attacks Use Fake O365 Link to Gain Access

Avertium Threat Report

Overview of the New Spear Phishing Emails This report covers a new series of spear phishing emails from a well-known threat actor tracked as Hive0065 or TA505. Several of these phishing emails deliver a macro-infested Word document that uses a fake Office 365 link as the lure. The Tactics, Techniques, and Procedures Used in Hive0065 Attacks […]
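The TTP described in the excerpt (a Word attachment carrying a VBA macro plus a link dressed up as Office 365) can be triaged without opening the file. The following is an added example, not code from Avertium or from the report above: it inspects an Office Open XML (.docx/.docm) attachment as the zip container it is, flags the presence of the `word/vbaProject.bin` macro part, extracts the external hyperlink targets from the document relationships, and marks any link that mentions Office/Microsoft branding but does not resolve to a Microsoft-owned domain. The trusted-domain list, the brand keywords, and the sample documents are constructed assumptions for this example; a real deployment would take the allow-list from policy and feed the verdict into mail-gateway quarantine.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Fixed part names and namespaces from the Office Open XML packaging spec.
MACRO_PART = "word/vbaProject.bin"
RELS_PART = "word/_rels/document.xml.rels"
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
HYPERLINK_TYPE = (
    "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
)

# Assumption for this example: domains where a genuine Office 365 link may land.
TRUSTED_SUFFIXES = ("microsoft.com", "office.com", "microsoftonline.com", "office365.com")
# Assumption: brand words a lure typically borrows to look like an O365 notification.
BRAND_WORDS = re.compile(r"(office|o365|microsoft|sharepoint|onedrive|outlook)", re.I)


def external_hyperlinks(zf: zipfile.ZipFile) -> list:
    """Return external hyperlink targets declared in the main document's relationships."""
    if RELS_PART not in zf.namelist():
        return []
    root = ET.fromstring(zf.read(RELS_PART))
    return [
        rel.get("Target")
        for rel in root.iter(f"{{{REL_NS}}}Relationship")
        if rel.get("Type") == HYPERLINK_TYPE and rel.get("TargetMode") == "External"
    ]


def host_of(url: str) -> str:
    """Extract the host part of an absolute URL (lower-cased); '' if not an absolute URL."""
    m = re.match(r"^[a-z][a-z0-9+.-]*://([^/?#:]+)", url, re.I)
    return m.group(1).lower() if m else ""


def looks_like_o365_lure(url: str) -> bool:
    """True when the URL borrows Office/Microsoft branding but is not on a trusted domain."""
    host = host_of(url)
    trusted = any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)
    return bool(BRAND_WORDS.search(url)) and not trusted


def triage_document(data: bytes) -> dict:
    """Triage a .docx/.docm blob: macro presence, external links, lure links, verdict."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        has_macro = MACRO_PART in zf.namelist()
        links = external_hyperlinks(zf)
    lures = [u for u in links if looks_like_o365_lure(u)]
    if has_macro and lures:
        verdict = "quarantine"   # macro plus branded off-domain link: matches the TTP
    elif has_macro or lures:
        verdict = "review"       # one indicator alone: hand to an analyst
    else:
        verdict = "pass"
    return {"has_macro": has_macro, "links": links, "suspicious_links": lures, "verdict": verdict}


def build_sample(with_macro: bool, links) -> bytes:
    """Construct a minimal OOXML container for testing (constructed sample, not a real lure)."""
    rels = "".join(
        f'<Relationship Id="rId{i + 1}" Type="{HYPERLINK_TYPE}" '
        f'Target="{u}" TargetMode="External"/>'
        for i, u in enumerate(links)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr(RELS_PART, f'<Relationships xmlns="{REL_NS}">{rels}</Relationships>')
        if with_macro:
            # Placeholder bytes standing in for a real VBA project stream.
            zf.writestr(MACRO_PART, b"\xd0\xcf\x11\xe0constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    benign = build_sample(False, ["https://www.office.com/"])
    lure = build_sample(True, ["https://login-office365.example.net/open"])
    print(triage_document(benign)["verdict"])
    print(triage_document(lure)["verdict"])
```

The check is deliberately structural: it does not execute or even parse the macro, so it is safe to run on untrusted input, and it catches the combination the excerpt describes rather than either indicator alone. Legacy binary `.doc` files are OLE containers rather than zips and need a separate parser (for example oletools), which this example does not cover.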

APT41 Using Speculoos to Exploit Citrix Vulnerability

Avertium Threat Report

APT41 and Speculoos Overview This report covers a known nation state actor exploiting multiple vulnerabilities in perimeter devices. The threat actor group is tracked as APT41 in the cybersecurity community. APT41 is deploying a custom-coded backdoor trojan called Speculoos after exploiting a well-known Citrix vulnerability. Threat Intel History on CVE-2019-19781 See the following […]

CVE-2020-3952 VMware vCenter Software Vulnerability

Avertium Threat Report

VMware vCenter Software Vulnerability Details This report covers a vulnerability in VMware vCenter tracked as CVE-2020-3952. The flaw is caused by improper access controls in the VMware Directory Service. The affected version is vCenter 6.7, and a patch is available. CVE-2020-3952 Tactics, Techniques, and Procedures […]

Zoom Virtual Meeting Vulnerabilities

Avertium Threat Report

Zoom Software Vulnerabilities Overview This report explains a series of Zoom software vulnerabilities along with their impact and current recommendations. The vulnerabilities range from critical to low concern depending on the environment. It is also notable that the Zoom meeting software carries some privacy concerns as well. Tactics, Techniques, and Procedures […]

APT41 Exploiting Multiple Vulnerabilities

Avertium Threat Report

APT41 Overview This report covers APT41 and the group's recent campaign to exploit multiple well-known vulnerabilities. The threat actor is targeting systems vulnerable to the following: CVE-2019-19781, CVE-2019-1653, CVE-2019-1652, and CVE-2020-10189. These vulnerabilities affect software and hardware commonly found in corporate environments. All of the vulnerabilities covered in this report have patches available. Tactics, Techniques, and […]

CVE-2020-0684, Windows .LNK Files

Avertium Threat Report

CVE-2020-0684 Overview This report covers a vulnerability tracked as CVE-2020-0684 that affects multiple versions of the Microsoft Windows operating system. The flaw stems from mishandling of .LNK shortcut files, and successful exploitation generally depends on social engineering. Microsoft has released multiple patches, depending on the operating system version in […]