Thoughts From the Nest

Blog, updates and release notes.

Release Notes

May 20, 2019


New: Unified community/indicator component
New: X-Pack security support
Bugfix: Fix for a number of date-related errors
Bugfix: Fix for configuring email integration not working
Bugfix: Fix for closed escalations not filtering by org
Bugfix: Fix for ConnectWise layout broken on Firefox
Bugfix: Fix for Perchybana link not displaying
Bugfix: Fix for quick stats being miscalculated when time range changed
Bugfix: Fix for counts in threats/alerts not matching indicator details
Bugfix: Fix for software items failing to load on add/edit pages
Bugfix: Fix for sensor page not reloading on refresh

Threat Report Wednesday May 15th 2019

on May 15, 2019


Lots of big game hunting in this weekly threat report. Forbes.com just got popped by credit card skimming pro MageCart. A number of nasty vulnerabilities are getting the spotlight in WhatsApp, Windows Remote Desktop, and SQLite. And Hidden Cobra, aka Lazarus, drops a new tunneling tool titled Electricfish.

Forbes Magazine compromised: MirrorThief skims MageCart’s modus operandi

We’ve covered MageCart a few different times over the last year, so I thought I’d make you aware of recent events in e-commerce skimming.


Release Notes

May 13, 2019


New: X-Pack Security, per-user Kibana yml
New: Perchybana X-Pack Auth
New: Update requests to ES to pass user credentials
Bugfix: Sensors endpoint isn’t returning data
Bugfix: True/False positives graph is showing 0 on Org Homepage
Bugfix: Alert not showing in SOC queue
Bugfix: Inconsistent data for monitored assets + suppressions/escalations
Bugfix: Suppressions and Escalations charts date axis not filtered
Bugfix: Sensors - endpoint isn’t returning data

Medical devices: Exploit waiting to happen?

on May 10, 2019


Vulnerability disclosures, patches, threats and new attack vectors: healthcare organizations have an ever-growing responsibility to ensure patient safety, information protection and 24x7 uptime for critical systems. Couple that with regulatory compliance requirements, hundreds (if not thousands) of medical device manufacturers and a talent shortage in the information security industry, and you have what can appear to be an insurmountable charge to ensure the organization has a comprehensive security program.


Threat Report Wednesday May 8th 2019

on May 8, 2019


Get your hot keys ready, we have a boatload of indicators for you to copy and paste this week. But first, we need to cover some recent events in security. The IDF showed off military response to cyber threats with video release, APT Buckeye was hitting bullseyes a year early in timeline revelation, and ransomware was getting busy on both sides of the pond in two recently disclosed breaches.


Threat Report Wednesday May 1st 2019

on May 1, 2019


This week we’re looking at some crime stats related to the rise of ransomware, a DHS directive on patch management, a new strain of ransomware that leveraged a 0-day, the return of Magecart, and finally a vulnerability in IoT devices that could help Mirai variants grow up strong.

The rise of Ransomware

Cybercriminals have focused on businesses during Q1 2019, with consumer threats decreasing by 24% year over year while businesses have seen a 235% increase in the number of cyber-attacks.


Threat Report Wednesday April 24th 2019

on April 24, 2019


Today we’re talking about some phishy fellows. Let’s start out with trends in phishing from 2018, then cover two APTs that lean on phishing with malicious documents to spread their malware infections, and an IE 0-day that enables phishers to bring home the sensitive-data bacon. Finally, in completely unrelated news, we’re closing out with a critical CERT advisory for Broadcom Wi-Fi chips. Hold on to your dongles!

State of the Phishy Union

Since we’re talking about an IE 0-day vulnerability that’s best used through phishing and a threat actor who primarily phishes with maldocs, I thought it would be good to start with some findings on the state of phishing in 2018 from PhishLabs.


Release Notes

April 23, 2019


New: Misc charts and detail view updates
New: All orgs onboarding progress
New: Sensor Outage Email to include additional information
New: Export escalated alerts as JSON or CSV
New: Sorting, filtering, and actions for pages
New: ConnectWise Billing integration
Bugfix: Sensors - endpoint isn’t returning data
Bugfix: Updating ConnectWise integration for large MSP (Perch SOC) takes too long
Bugfix: Intel recent indicators shows infinite spinner
Bugfix: Onboarding_complete_at gets set when onboarding has not been finished
Bugfix: Indicator backtesting is not returning results

Threat Report Thursday April 18th 2019

on April 18, 2019


We’ve got a quick update for you this week on some news that’s getting attention. APT34 hack tools are leaked, common VPN software has a critical vulnerability patched, and Microsoft underestimates the exploitability of a remote code execution vulnerability. Additionally, an information technology firm from India has been compromised and is being leveraged in attacks against their own customers. Let’s get going.

APT34 hacking tools leak

As reported by ZDNet, yesterday some of the tools used by the OilRig attack group were leaked by a group of Iranian hackers called “Lab Dookhtegan”.


Release Notes

April 8, 2019


New: Filter links to a single customer on indicator details
New: Extended storage for logs
New: Include recent flow_id in API response
New: New on-boarding wizard
Bugfix: Cannot click link to sensor and bring up sensor page
Bugfix: 500 Error on Basic Authentication
Bugfix: Weekly update email doesn’t get complete data
Bugfix: Issue with 2FA logins due to email confirmation cage router
Bugfix: Community Pages / View All - Recent True and False Positives not working
Bugfix: Redirect user back to original page after login
Bugfix: Contacts text field is losing focus on autosave
