Topic
Threat Intelligence
Verizon 2021 Data Breach Investigations Report (DBIR): Ransomware Attacks Doubled
If there is one lesson we can take away from 2020 is that we all need to be prepared for the worst. Resilience has emerged as the top skill that people and businesses need to possess not only to survive but also to thrive in a changing and challenging world. Rapid changes require businesses to make rapid but well-informed […]
What Is Phishing?
Phishing is the practice of stealing credentials by masking malicious intent behind the appearance of something innocuous. An email that looks like it’s from a social network asking you to reset your password is one of the most common versions. Once a user submits their credentials, attackers then use the victim’s account to spread the […]
Hafnium Zero-day Exploit: Threat Advisory Report
What is Zero-day Exploit? The term “zero day exploit” is defined as an unknown cyber attack that exposes a window of vulnerability, typically on the same day a weakness is discovered in a computer software. A zero day exploit can be difficult to detect and called “zero day” due to the number of days until […]
Detect Solorigate and SUNBURST Attacker Techniques with the MITRE ATT&CK Framework—We’ll Get You Started
As folks are continuing to work to address the Solorigate/ SUNBURST compromise, our team has been mapping the tactics and techniques used by the attackers to the MITRE ATT&CK framework, and building detection content to deploy for our customers. If you haven’t already, please read this blog first to get the basics. What follows is […]
Solorigate, SUNBURST aka FireEye and SolarWinds Compromise – Recommended Actions to Limit Your Exposure
Threat Advisory On December 13th, a disclosure was made for a compromise in the SolarWinds IT Management software suite code base that made a supply chain attack possible for all SolarWinds customers. Attackers implanted backdoors in legitimate, signed DLL files contained in update packages for SolarWinds Orion in March and June of 2020 that were then used to breach customers who upgraded to the affected versions (versions 2019.4 HF 5 […]
Threat Hunting Use Case: DNS Queries
Updated June 2021 In one of our previous Threat Hunting Use Case blogs, Firewall Targeting DNS, we focused on using firewall data to observe outbound (Domain Name System) DNS traffic in an environment to identify threats and potential security hygiene issues. One specific objective involved identifying potential endpoints bypassing internal DNS forwarders, in order to address […]
Credential Dumping Part 2: How to Mitigate Windows Credential Stealing
Credential theft is part of almost all attacks within a network, and one of the most widely known forms of credential stealing is surrounding clear-text credentials by accessing lsass.exe. However, this is only a piece of the bigger picture of the Windows credential model. In Part 1 of the Credential Dumping Series, I took a closer look […]
Credential Dumping Part 1: A Closer Look at Vulnerabilities with Windows Authentication and Credential Management
For many of us in cybersecurity, we know that credential theft is part of almost all attacks within a network. Arguably, one of the most known forms of credential stealing is surrounding clear-text credentials by accessing lsass.exe. Almost synonymous with credential stealing is the popular tool Mimikatz, which is able to access the LSASS (Local Security Authority Subsystem […]
Top 3 Techniques for Improving Your Threat Intelligence Alerting
Threat intelligence is invaluable for any organization; the ability to leverage the security community’s combined knowledge of threats can take an organization’s security program to the next level. This shared information usually takes the form of indicators of compromise (IOCs), which can be IP addresses, domains, hashes, or other data types related to a threat. […]
No results
