Vulnerability Note

AdvisorsBot – AdvisorsBot is a sophisticated downloader first spotted in the wild in May 2018. Once AdvisorsBot has been downloaded and executed, the malware uses HTTPS to communicate with the C&C server. AdvisorsBot has significant anti-analysis features including using “junk code” to slow down reverse engineering and Windows API function hashing to make it harder to identify the malware’s functionality AgentTesla – AgentTesla is an advanced RAT which functions as a keylogger and password stealer and has been active since 2014. AgentTesla can monitor and collect the victim’s keyboard input, system clipboard, and can record screenshots and exfiltrate credentials belonging to a variety of software installed on a victim’s machine (including Google Chrome, Mozilla Firefox and Microsoft Outlook email client). AgentTesla is openly sold as a legitimate RAT with customers paying between $15-$69 for user licenses. AmmyyRat – FlawedAmmyy is a remote access Trojan (RAT) tha

Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies. It's believed to be the first payout on a ' False Claims Act ' case over failure to meet cybersecurity standards. The lawsuit began eight years ago, in the year 2011, when Cisco subcontractor turned whistleblower, James Glenn, accused Cisco of continue selling a video surveillance technology to federal agencies even after knowing that the software was vulnerable to multiple security flaws. According to the court documents , Glenn and one of his colleagues discovered multiple vulnerabilities in Cisco  Video Surveillance Manager  (VSM) suite in September 2008 and tried to report them to the company in October 2008. Cisco Video Surveillance Manager (VSM)  suite allows customers to manage multiple video cameras at different physical locations

Summary The Cisco Video Surveillance Manager (VSM) allows operations managers and system integrators to build customized video surveillance networks to meet their needs. Cisco VSM provides centralized configuration, management, display, and control of video from Cisco and third-party surveillance endpoints. Multiple security vulnerabilities exist in versions of Cisco VSM prior to 7.0.0, which may allow an attacker to gain full administrative privileges on the system. More information on Cisco VSM can be found at  http://www.cisco.com/en/US/products/ps10818/index.html . Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are available. This advisory is available at the following link:  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130724-vsm Affected Products Vulnerable Products Cisco VSM versions prior to 7.0.0 are affected by the vulnerabilities disclosed in