Thoughts From The Nest

Blog, updates, and release notes


This week we’re covering:

Another round of COVID-19 miscreants targeting healthcare organizations and using the pandemic as a lure
A de-evolution in FIN7 tactics that move from phishing e-mails to phishing snail-mails
Details on a critical vulnerability in a popular WordPress plugin that allows site hijacking
Sodin Holding NEDA Ransom

FBI report on Orangeworm RAT Kwampirs targeting healthcare

On March 30, 2020, the FBI released new information on a Kwampirs Remote Access Trojan (RAT) campaign by Orangeworm (aka Gorgon Group) targeting healthcare.

Read More


It should be no surprise that hackers are breaking their promises. The World Health Organization, FedEx, and U.S. Human Health Services are being used in COVID-19 lures. In other hacking news, the Russian FSB nabs 30 hackers in coordinated raids, and the window of opportunity is open for two unpatched Windows code execution vulnerabilities being actively exploited.

Threat actors using COVID-19 information as a lure

The spread of coronavirus disease 2019 (COVID-19) has led to a change in the attack surface of many organizations.

Read More

Release Notes

March 24, 2020


New: Added loading indicator for integrations under settings
New: Added configurable columns to the alerts table
New: Custom alerts now allow suppressions by values
New: Added pagination to sensor summary table
Bugfix: Fixed event notifications threshold reverting to 1 from 0
Bugfix: Fixed suppression list for non-staff users
Bugfix: Fixed SMS integration form
Bugfix: Fixed the interface of feed selected communities
Bugfix: Fixed bulk suppressions
Bugfix: Fixed email integration choice from the suppression modals
Bugfix: Fixed user settings

In this week’s threat report, we’re covering a new capability in the evolution of Trickbot, critical vulnerabilities in Adobe Reader and Adobe Acrobat, a code execution proof of concept (PoC) for Joomla, and a blog post by the Sodinokibi ransomware team that could shake up stock prices.

Trickbot learns new RDP brute force trick

On March 18, 2020, researchers identified a new module for the Trickbot banking Trojan called “rdpScanDll.” This new module brute-forces the Remote Desktop Protocol (RDP) and targets a specific list of victims operating in the telecommunication, education, and financial services industries in the United States and Hong Kong.

Read More


Pandemic planning: it encompasses everything from continuity of operations planning all the way to how HR handles sick employees. I’ve been through several of these myself after 22 years in this biz, for educational institutions and banks before I joined Perch. In the beginning, I used to think they were silly exercises for events that were only theoretical (and why would it be any different than disaster recovery planning, right?). Pandemic planning has its own unique flavor when it comes to impact on your organization.

Read More


Over the past year or two, the term MSP 2.0 has been used to signify the evolution of Managed Service Providers (MSPs) to include more cybersecurity-focused elements that help improve client security while continuing to drive monthly recurring revenue. On the surface, this certainly seems like a win-win for most Managed Service Providers, but simply including additional cybersecurity products and services in the MSP stack doesn’t necessarily equate to instant success.

Read More


In this issue of the usually weekly threat report, we’ve got some hot news. Keep on the lookout for a new worm on the heels of an SMBv3 buffer overflow, Microsoft disrupts the Necurs botnet, hackers are actively exploiting Microsoft Exchange, and Magecart skims cards with a little help from Cloudflare. Let’s get this party started.

SMBv3 Buffer Overflow breaks ground for new worm

On March 10, 2020, Cisco Talos and Fortinet researchers leaked a new wormable vulnerability in the Microsoft Server Message Block (SMB) protocol before Microsoft’s regular Patch Tuesday update cycle.

Read More

Release Notes

March 9, 2020


New: Added a new integration for Carbon Black
New: Scheduled report emails now attach reports as a PDF
Bugfix: Fixed the welcome modal from opening after a page refresh
Bugfix: Fixed sorting for the integration health report
Bugfix: Fixed Office 365 metrics

Release Notes

February 27, 2020


New: Added download links for sensor and log shipper to Settings > Sensors
New: Added download as CSV to alerts
New: Added Category and Severity to the alerts Webhook
New: Added column for sensor IP addresses
New: Added fields to the payload for extra indicator information regarding Webhooks
New: Visually optimized scheduled reports
New: Moved Client Token to Settings > Sensors
Bugfix: Fixed pagination and search for event notifications
Bugfix: Fixed org selector not showing the selected org after a page refresh
Bugfix: Fixed sorting by version for sensor list
Bugfix: Fixed escalations page not displaying data
Bugfix: Fixed drop-downs for integrations
Bugfix: Fixed deleting of sensors

“Congratulations to Perch Security for being recognized as the Gold award winner in the following categories of Cyber Threat Intelligence, Intrusion Detection & Prevention, Managed Detection and Response (MDR), Security Monitoring, and Threat Detection, Intelligence and Response of the 2020 Cybersecurity Excellence Awards,” said Holger Schulze, CEO of Cybersecurity Insiders and founder of the 400,000-member Information Security Community on LinkedIn, which jointly produce the awards program. “With over 500 entries in more than 90 award categories, the 2020 awards are highly competitive and all winners truly reflect the very best in today’s cybersecurity industry.”

Read More