Threat Advisory: Linux File System Vulnerability

Event Summary: An out-of-bounds write flaw was found in the Linux kernel's seq_file in the filesystem layer. This flaw was discovered by the Qualys Research Team (QRT). If exploited successfully, this vulnerability could lead to data corruption, system crashes, and even the execution of unauthorized code. This flaw allows unprivileged […]

Threat Advisory: High Severity Flaw in HP, Xerox and Samsung Printers

Event Summary: Sentinel Labs discovered a vulnerability that affects HP, Xerox and Samsung printers. This vulnerability could allow for privilege escalation via the vulnerable printer driver and could allow threat actors to install programs, view, change, encrypt, or delete data, or create privileged accounts. Samsung, Xerox […]

Understanding Service Location Protocol as a Security Threat

Hunting for obscure protocols is a way to proactively find malicious activity. Today, I want to talk about one of those obscure protocols, Service Location Protocol (SLP). While hunting through the billions of logs we at Security On-Demand process every day, I found considerable activity across a […]

Zero-Day Vulnerability in SolarWinds Serv-U Products

13 July, 2021. Event Summary: The SolarWinds Serv-U product line contains a zero-day vulnerability. Microsoft discovered the exploits, reported them to SolarWinds, and has evidence of exploitation in the wild. This vulnerability exists in the Serv-U product line, and no other SolarWinds products are affected. This is not related […]

PrintNightmare Zero-Day Vulnerability in the Windows Print Spooler Service

Important Update: PrintNightmare Zero-Day Alert Update 7/8/21. Event Summary: The Windows out-of-band patch released on July 6th does not fully address the PrintNightmare zero-day vulnerability that exists in the Print Spooler service. This patch does address the remote vector of the vulnerability; thus, further action […]

How does Security Monitoring and Detection Protect You from Ransomware?

Ransomware is one of the most difficult threats for SIEM, SOC, and MDR technologies and services to identify. This is because ransomware acts quickly and its threat actors want you to discover the infection only after everything is encrypted. What […]