Thoughts From The Nest
Blog, updates, and release notes

It’s time for another usually weekly threat report. We’re covering quite a few essential stories from the last week:
- Verizon DBIR is out
- Australian mining breach
- Ransomware attack on hospitals thwarted by arrest
- Netwalker ransomware goes fileless
- Phishers update their lures
- Out-of-band patch for Adobe RCE
- QNAP RCE chain, with bonus Perch Labs signatures
Let’s get this party started.

Verizon DBIR 2020 is out
On May 19, 2020, security researchers at Verizon released the 2020 Data Breach Investigations Report (DBIR).



This week, we’re going to take a look at:
- Evil Maid Thunderspies your Backplane
- America’s Most Wanted Exploits
- SaltStack RCE Exploits
- Hidden Cobra Malware

Evil Maid Thunderclaps Back with Thunderspy
Thunderspy is the new hotness in physical exploits targeting Intel’s Thunderbolt port. It takes less than five minutes to execute and impacts any Thunderbolt-equipped Windows or Linux PC manufactured before 2019. Released by Eindhoven University of Technology researcher Björn Ruytenberg, Thunderspy involves unscrewing the physical backplate of a machine, momentarily attaching a device to reprogram the Thunderbolt controller’s firmware, and reattaching the backplate (if you really want to).



It’s official – we’ve added Cisco Meraki and Cisco Umbrella to the growing family of Perch-Cisco integrations, joining Cisco AMP for Endpoints and Duo, as well as Cisco Talos. What does that mean to you? Now you can gather your Meraki and Umbrella daterz together in one place and view it right alongside your network data and other logs, while Perch’s 24/7, Cisco-certified SOC monitors it for any sign of cyber threat activity.



We have some special stuff for you in this usually weekly threat report. We’re releasing several IDS signatures and IoCs you can use to detect many of the threats we mention below. This week, we’re discussing:
- Two new malware strains choose Go
- An evolution in Qakbot campaigns
- And, Black Rose Lucy bringing ransomware to your Android

NSPPS RAT goes live
Citrix products are under attack in a recent wave of scans and exploits for CVE-2019-19781.



It’s time for another usually weekly threat report. So many interesting things happened over the last week, with a few key threats catching our eye:
- A large MSP was buffalo jumped
- Admin access to a large MSP was auctioned
- SBA leaked COVID-19 loan applicant data
- Two Windows proofs of concept were released
- Emotet learned new evasion techniques

Cognizant buffalo jumped and dark web auctions
In our recent 2020 MSP Threat Report, we discussed buffalo jumping, a new tactic in which ransomware distributors ransom a service provider and many of its customers at once.



Modern environments use and create a lot of data. Small organizations and enterprises alike constantly generate network traffic, activity logs, and events of all kinds. Monitoring all that data for security risks and attacks is a big task. Perch tackles the challenge using two complementary methods: threat detection and threat hunting.

What is threat detection?
Threat detection is the passive monitoring of data for potential security issues. Preventive controls like firewalls, intrusion prevention systems, and antivirus can automatically stop most of the high-fidelity, known threats targeted at your network.
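To make the distinction concrete, here is an added example (written for this page; it is not Perch’s code and does not describe how the Perch platform is implemented) that runs both approaches over a handful of constructed log lines. Detection passively matches every event against a list of known-bad indicators and fires a high-fidelity alert per hit; hunting instead tests a hypothesis (one internal host probing many ports on a single destination) by aggregating over the whole data set, which surfaces activity that no indicator list would flag. The log format, hostnames, addresses and indicator values are all hypothetical.

```python
import re
from collections import defaultdict

# Constructed firewall-style log lines for this example (hypothetical hosts,
# RFC 5737 documentation addresses). Not real traffic.
SAMPLE_LOGS = [
    "2020-05-20T10:01:02Z src=10.0.0.5 dst=203.0.113.7 dport=443 host=updates.example.org",
    "2020-05-20T10:01:09Z src=10.0.0.5 dst=198.51.100.23 dport=443 host=evil-c2.example.net",
    "2020-05-20T10:02:11Z src=10.0.0.9 dst=203.0.113.8 dport=22 host=-",
    "2020-05-20T10:02:12Z src=10.0.0.9 dst=203.0.113.8 dport=23 host=-",
    "2020-05-20T10:02:13Z src=10.0.0.9 dst=203.0.113.8 dport=80 host=-",
    "2020-05-20T10:02:14Z src=10.0.0.9 dst=203.0.113.8 dport=445 host=-",
    "2020-05-20T10:02:15Z src=10.0.0.9 dst=203.0.113.8 dport=3389 host=-",
    "2020-05-20T10:03:00Z src=10.0.0.12 dst=203.0.113.7 dport=443 host=updates.example.org",
    "this line is malformed and is skipped by the parser",
]

# Constructed indicators of compromise (hypothetical). In practice these come
# from a threat-intel feed and are refreshed continuously.
IOCS = {
    "ip": {"198.51.100.23"},
    "domain": {"evil-c2.example.net"},
}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) host=(?P<host>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    event = m.groupdict()
    event["dport"] = int(event["dport"])
    return event


def detect(lines, iocs=IOCS):
    """Threat detection: passively compare every event against known-bad indicators.

    High fidelity, because each alert names the indicator that fired, but blind to
    anything that is not already on the list.
    """
    alerts = []
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        if event["dst"] in iocs["ip"]:
            alerts.append({"rule": "ioc-ip", "ts": event["ts"], "src": event["src"], "match": event["dst"]})
        if event["host"] in iocs["domain"]:
            alerts.append({"rule": "ioc-domain", "ts": event["ts"], "src": event["src"], "match": event["host"]})
    return alerts


def hunt_port_sweep(lines, min_ports=4):
    """Threat hunting: test a hypothesis instead of matching a list.

    Hypothesis: an internal host touching many distinct ports on one destination
    is probing it. Nothing in those events is known-bad, so detect() stays silent;
    aggregating over the whole data set is what surfaces it.
    """
    ports_by_pair = defaultdict(set)
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue
        ports_by_pair[(event["src"], event["dst"])].add(event["dport"])
    findings = [
        {"src": src, "dst": dst, "ports": sorted(ports)}
        for (src, dst), ports in ports_by_pair.items()
        if len(ports) >= min_ports
    ]
    return sorted(findings, key=lambda f: (f["src"], f["dst"]))


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print("ALERT", alert)
    for finding in hunt_port_sweep(SAMPLE_LOGS):
        print("HUNT", finding)
```

Run stand-alone, the detection pass raises two alerts for 10.0.0.5 (the destination IP and the hostname are both on the indicator list), while the hunt is the only thing that flags 10.0.0.9 sweeping five ports on 203.0.113.8. The `min_ports` threshold is the hunter’s knob: raise it and the finding disappears, which is exactly the kind of tuning a hypothesis-driven hunt involves and an indicator match does not.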



It’s another week in paradise here at Perch. This week, we’re covering a few events:
- 0-day trio running wild on Patch Tuesday
- Sodin ransomware ditches Bitcoin in favor of Monero
- And, two implants with active campaigns: APT41’s Speculoos backdoor and TA505 phishing with SDBbot RAT

0-day Trio running wild on Patch Tuesday
For April 2020’s Patch Tuesday, Microsoft patched 113 vulnerabilities. Fifteen of these were rated critical, 93 important, three moderate, and two low.



As if the week couldn’t get any longer, we have a few key threats we want to get you up to speed on. We’re covering:
- The pervasive exposure of Microsoft Exchange Server to a 10-year-old vulnerability
- A new version of PowerShell Empire
- Two password dumps that’ll get recycled into credential stuffing attacks
- A tag team of baddies looking to body slam enterprise retail point-of-sale systems
Let’s get this party started.


Release Notes

April 8, 2020


New: Added marketplace collections for easily installing and managing groups of content
New: Added an interactive roadmap and customer feedback tool to the app
New: Improved the indicator details page for custom alerts
New: Added G Suite cloud-to-cloud log integration
New: Improved throttling of event notifications
Bugfix: Added escalation and suppression data to Perchybana
Bugfix: Fix for triggered values collecting as “Unknown” for nested fields within event notifications
Bugfix: Fixed inconsistent caching of team names
Bugfix: Fixed marketplace collections displaying an incorrect item count
Bugfix: Fixed propagation of MSP settings for new organizations
Bugfix: Fixed issues around the deletion of event notifications
