Active VPN Reconnaissance Campaign from Russia Based IP

Event Summary: Security On-Demand has discovered a Russia-based IP performing an active VPN scanning and password spraying campaign. This IP was observed performing this activity as of May 30, 2021. We are taking this opportunity to alert our client base and recommend any preemptive actions to […]

‘Fancy Product Designer’ Website Plugin Zero-Day Vulnerability

2 June, 2021. Event Summary: On May 31, 2021, the WordFence Threat Intelligence team discovered and disclosed a critical file upload vulnerability in the ‘Fancy Product Designer’ plugin. This vulnerability affects both WordPress and WooCommerce websites and allows for Remote Code Execution (RCE). The Fancy Product Designer plugin exists […]

Threat Flash Alert: Nobelium Spear-Phishing Campaign

Executive Summary: Microsoft’s Threat Intelligence Center (MSTIC) has released an advisory pertaining to a new spear-phishing campaign by the Russian threat group dubbed Nobelium. Nobelium has been labeled responsible for the SolarWinds compromise that took place in 2020. The start date for this campaign dates back to January […]

Web Shells and How to Avoid the Backdoor Action We Really Don’t Want

By Evan Stewart. For many years, web shells have been used for legitimate administration and remote management of enterprise network assets. However, threat actors slowly started to twist web shells to serve their ploys for illegitimate gains. Now, malicious web shells […]

Threat Flash Alert: Four Microsoft Zero-Day Vulnerabilities Disclosed

Executive Summary: Microsoft recently discovered evidence of an active attack campaign that leverages several previously unknown vulnerabilities in on-premises Microsoft Exchange Servers. The vulnerabilities enable access to email accounts and allow for installation of additional malicious entities to maintain persistence within a target’s environment in […]