Threat Intelligence
Threat Advisory: PwnKit – Local Privilege Escalation Vulnerability in Major Linux Distributions
Updated: 01/26/2022 17:54. Severity: HIGH. Background: A vulnerability was discovered in Polkit pkexec, a SUID-root program that is included on every major Linux distribution by default. This vulnerability enables local privilege escalation to root on the victim host. Proof-of-concepts (PoCs) have been published for this vulnerability, but in-the-wild exploitation has not yet been observed. Affected […]
Log4Shell Overview and ReliaQuest Solutions
An overview of how Log4Shell works. Tools available to ReliaQuest GreyMatter customers: a downloadable utility to assist with quickly identifying vulnerable AND very easily exploitable applications. The utility is available for direct download here, and includes instructions for installation and use. Understanding how Log4Shell works: Log4Shell is a vulnerability in the Java Naming and Directory […]
An Update on the ReliaQuest Response to the Log4j2 Vulnerability
Updated 12/29. A zero-day vulnerability involving the Log4j 2 utility was publicly disclosed on December 9, 2021, via the Apache GitHub. Log4j 2 is an open-source Java logging library integrated in many enterprise applications, as well as open-source software and other services. The widespread use and configuration variables make this a high-impact threat. ReliaQuest has […]
Threat Hunting: DNS Queries Use Case
First published December 2020. In one of our previous Threat Hunting Use Case blogs, Firewall Targeting DNS, we focused on using firewall data to observe outbound DNS (Domain Name System) traffic in an environment to identify threats and potential security hygiene issues. One specific objective involved identifying potential endpoints bypassing internal DNS forwarders, in order to […]
Breaking: How the Conti Ransomware Gang Orchestrates Their Attacks
At ReliaQuest, we constantly monitor the internet for anything that can be used to help our customers make security possible. When the recent “Conti Lessons” leak appeared from what is presumably a disgruntled operator working for the Conti ransomware gang, we quickly grabbed a copy, translated it (big thanks to Oksana!), and got to work […]
Verizon 2021 DBIR: Ransomware Attacks Doubled
If there is one lesson we can take away from 2020, it is that we all need to be prepared for the worst. Resilience has emerged as the top skill that people and businesses need to possess not only to survive but also to thrive in a changing and challenging world. Rapid changes require businesses to make rapid but well-informed […]
What Is Ransomware? A Definition and Some History
Ransomware is a piece of malicious software that locks your data until you pay the hacker behind the attack. This is sometimes the creator of the software, but not always. There are off-the-shelf ransomware programs floating around the dark web that even low-skilled bad guys can customize for their own uses. Ransomware can enter your […]
What Is Phishing?
Phishing is the practice of stealing credentials by masking malicious intent behind the appearance of something innocuous. An email that looks like it’s from a social network asking you to reset your password is one of the most common versions. Once a user submits their credentials, attackers then use the victim’s account to spread the […]
Hafnium Zero-day Exploit: Threat Advisory Report
What is a zero-day exploit? The term “zero-day exploit” refers to a previously unknown cyber attack that exposes a window of vulnerability, typically on the same day a weakness is discovered in computer software. A zero-day exploit can be difficult to detect and is called “zero day” due to the number of days until […]