May 20, 2019
New
Unified community/indicator component
New
X-Pack security support
Bugfix
Fix for a number of date related errors
Bugfix
Fix for configuring email integration does not work
Bugfix
Fix for closed escalations not filtering by org
Bugfix
Fix for ConnectWise layout broken on FireFox
Bugfix
Fix for Perchybana link not displaying
Bugfix
Fix for quick stats being miscalculated when time range changed
Bugfix
Fix for counts in threats/alerts not matching indicator details
Bugfix
Fix for software items failing to load on add/edit pages
Bugfix
Fix for sensor page not reloading on refresh
Paul Scott on
May 15, 2019
Lot’s of big game hunting in this weekly threat report. Forbes.com just got popped by credit card skimming pro, MageCart. A number of nasty vulnerabilities are getting the spotlighted in WhatsApp, Windows Remote Desktop, and SQLite. And Hidden Cobra, aka Lazarus, drops a new tunneling tool titled Electricfish.
Forbes Magazine compromised: MirrorThief skims MageCarts’ modus operandi We’ve covered MageCart a few different times over the last year, so I thought I’d make you aware of recent events in e-commerce skimming.
Read More
May 13, 2019
New
X-Pack Security, per user Kibana yml
New
Perchybana X-Pack Auth
New
Update requests to ES to pass user credentials
Bugfix
Sensors endpoint isn’t returning data
Bugfix
True/False positives graph is showing 0 on Org Homepage
Bugfix
Alert not showing in SOC queue
Bugfix
Inconsistent data for monitored assets + suppressions/escalations
Bugfix
Suppressions and Escalations charts date axis not filtered
Bugfix
Sensors - endpoint isn’t returning data
Jeremy Walczak on
May 10, 2019
Vulnerability disclosures, patches, threats and new attack vectors; healthcare organizations have an ever-growing responsibility to ensure patient safety, information protection and 24x7 uptime responsibilities for critical systems. Couple that with regulatory compliance requirements, hundreds (if not thousands) of medical device manufacturers and a talent shortage in the information security industry and you have what can appear to be an insurmountable charge to ensure the organization has a comprehensive security program.
Read More
Paul Scott on
May 8, 2019
Get your hot keys ready, we have a boatload of indicators for you to copy and paste this week. But first, we need to cover some recent events in security.
The IDF showed off military response to cyber threats with video release, APT Buckeye was hitting bullseyes a year early in timeline revelation, and ransomware was getting busy on both sides of the pond in two recently disclosed breaches.
Read More
Paul Scott on
May 1, 2019
This week we’re looking at some crime stats related to the rise of ransomware, a DHS directive on patch management, a new strain of ransomware that leveraged a 0-day, the return of Magecart, and finally a vulnerability and IoT devices that could help Mirai-variants grow up strong.
The rise of Ransomware Cybercriminals have focused on businesses during Q1 2019, with consumer threats decreasing by 24% year over year while businesses have seen a 235% increase in the number of cyber-attacks.
Read More
Paul Scott on
April 24, 2019
Today we’re talking about some phishy fellows. Let’s start out with trends in phishing from 2018, then cover two APTs that lean on phishing with malicious documents to spread their malware infections and an IE 0-day that enables phishers to bring home the sensitive-data bacon. Finally, in completely unrelated news, we’re closing out with a critical CERT advisory for Broadcom Wi-Fi chips. Hold on to your dongles!
State of the Phishy Union Since we’re talking about an IE 0-day vulnerability that’s best used through phishing and a threat actor who primarily phishes with maldocs, I thought it would be good to start with some findings on the state of the phishing in 2018 from Phishlabs.
Read More
April 23, 2019
New
Misc charts and detail view updates
New
All orgs onboarding progress
New
Sensor Outage Email to include additional information
New
Export escalated alerts as json or csv
New
Sorting, filtering, and actions for pages
New
ConnectWise Billing integration
Bugfix
Sensors - endpoint isn’t returning data
Bugfix
Updating ConnectWise integration for large MSP (Perch SOC) takes too long
Bugfix
Intel recent indicators shows infinite spinner
Bugfix
Onboarding_complete_at gets set when onboarding has not been finished
Bugfix
Indicator backtesting is not returning results
Paul Scott on
April 18, 2019
We’ve got a quick update for you this week on some news that’s getting attention. APT34 leaks hack tools, Common VPN software has a critical vulnerability patched, and Microsoft underestimates the exploitability of a remote code execution vulnerability. Additionally, an information technology firm from India has been compromised and is being leveraged in attacks against their own customers. Let’s get going.
APT34 hacking tools leak As reported by zdnet, yesterday some of the tools used by OilRig attack group have been leaked by a group of Iranian hackers called “Lab Dookhtegan”.
Read More
April 8, 2019
New
Filter links to a single customer on indicator details
New
Extended storage for logs
New
Include recent flow_id in api response
New
New on-boarding wizard
Bugfix
Cannot click link to sensor and bring up sensor page
Bugfix
500 Error on Basic Authentication
Bugfix
Weekly update email doesn’t get complete data
Bugfix
Issue with 2FA logins due to email confirmation cage router
Bugfix
Community Pages/ View All - Recent True and False Positives not working
Bugfix
Redirect user back to original page after login
Bugfix
Contacts text field is losing focus on autosave
Subscribe to our blog