Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Customer testimonials and case studies.
Stories on cyberattacks, customers, employees, and more.
Cyber incident, analyst, and thought leadership reports.
Demonstrations, seminars and presentations on cybersecurity topics.
Information and solution briefs for our services.
MITRE ATT&CK Framework, Cybersecurity Assessment, SOC Calculator & more
On December 5th, Adobe released two security patches outside of the regular patching schedule to address an arbitrary code execution vulnerability (CVE-2018-15982) and a privilege escalation vulnerability (CVE-2018-15983). Windows, MacOS, Chrome OS and Linux users are affected. Exploitation of CVE-2018-15982 prior to patch release has been publicly reported and was achieved through phishing emails.
Technical details of the exploitation have not yet been released but patching for this vulnerability should be a high priority due to the associated risks of arbitrary code execution and the known successful exploitation.
The eSentire Threat Intelligence Team is monitoring this issue for additional details and detection methods
Current esRECON checks identify Adobe related vulnerabilities and will be updated to assist in identifying this specific vulnerability
esENDPOINT rules are being updated for this specific threat
After performing a business impact review, apply the Adobe security patches [1]
Conduct user awareness training around phishing and opening documents from unknown or suspicious sources
Initial reporting states that CVE-2018-15982 was exploited in a phishing campaign delivering the exploit in Microsoft Office documents labeled “22.docx” [2]. Arbitrary code execution allows the unidentified Threat Actor(s) to gain command line access to affected devices. The goal of this phishing campaign remains unclear.
There are no reports of CVE-2018-15983 being exploited in the wild at this time. This vulnerability still requires fast action as it could be coupled into existing attacks, allowing the threat actor to raise their privileges on the system and perform actions at the administrative level.
References:
[1] Adobe Security Bulletin: Security updates available for Flash Player | APSB18-42
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
[2] Threat Post: Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
https://threatpost.com/adobe-flash-zero-day-leveraged-via-office-docs-in-campaign/139635/