On December 13th, a disclosure was made for a compromise in the SolarWinds IT Management software suite code base that made a supply chain attack possible for all SolarWinds customers. While it is unknown how many of the SolarWinds customers are facing impacts from the supply chain attack, it is widely acknowledged that this foothold is present on many systems. This ReliaQuest Threat Advisory Report contains more detail on the compromise, references to FireEye and Microsoft research, the ReliaQuest response including IOCs identified and detection signatures, and our advice to customers that have SolarWinds software within their network.
On March 2, 2021, Microsoft Security Response Center released updates related to vulnerabilities affecting on-premises deployments of Microsoft Exchange Server 2013/2016/2019. Microsoft also revealed details around active exploitation of these vulnerabilities using zero-day exploits. This RQ Threat Advisory outlines the vulnerability and its exploitation in more detail including IoCs (indicators of compromise) and GreyMatter detection […]
The industry emphasis on the constant implementation of new security tools and technologies has led organizations to make substantial investments into security personnel. Those talents are spent primarily on maintenance and reacting to the various alerts that these disparate technologies are built to address. A vast amount of time is spent investigating, tuning false positives, […]
When integrated across security controls, threat intelligence allows security teams to increase detection rates, speed response times, and mitigate their most serious risks. But finding the balance between too little and too much intel – and then automating the integration of these feeds – is the challenge. Too little intel, and your organization runs the […]