Thoughts From The Nest
Blog, updates, and release notes

Perch Security announced today $9 million in Series A funding, through a combined investment from ConnectWise and existing investor Fishtech Group. The funding will fuel Perch’s expansion in software development, marketing and customer success. ConnectWise Founder and CEO Arnie Bellini will join Perch’s Board of Directors. Check out the full article here.



In this weekly threat report, we’ll cover three current events: Facebook loses 50 million auth tokens, a phishing campaign is evading AV to deploy remote access trojans, and a ten-year-old privilege escalation vulnerability has major Linux distributions scrambling to release.

Facebook loses control of auth tokens used for FB and every site you log into using Facebook SSO.

On Friday, September 29, Facebook announced an attacker exploited a vulnerability and potentially compromised up to 50 million users’ Facebook accounts.



This week we are covering three emerging stories in the weekly threat report. First, we’ll cover a newly discovered case of ATM skimmers being installed at banks. Then we’ll transition to two digital threats. The first is related to the reuse of breached credentials in brute force attacks against the financial sector and the second is related to Microsoft’s battle against phishing attacks targeting the upcoming mid-term elections.

Two ATM Skimmers Found at Old Second Bank

Authorities from Aurora Police Department are investigating ATM skimmers found at two Old Second Bank branches in Aurora.



In preparation for this blog, I decided to do a little research on the subject matter because, well #obvious. I started with the basic Google search of Women in Technology and found Tweets, a couple blogs, and a website literally called WomeninTechnology.org. At a casual first glance, it seemed like the basic stuff: blogs, ads, social media, etc. But when I took a deeper dive, I realized that almost everything listed was inspirational, spoken with a “women helping other women” voice and tonality, almost as if this was a crisis before it was a concept.



Need the cheat codes to cybersecurity?

It’s dangerous to go alone. That must be a reason birds have evolved to flock together. I imagine, as a person responsible for your organization’s security operations, the pressure is on for you to always be right. One miss could become a very public incident that distracts the company from its real mission like financial services, education, or energy. When you’re sitting down to review a possible breach, wouldn’t it make you more confident to have access to real-time, qualified (by trained security analysts in our managed SOC) intelligence sightings from your industry peers that include how similar sightings were ultimately dispositioned?



In this week’s threat report we’re covering two stories: the discovery of XBash malware and an underground marketplace offering a compromised bank ATM and three different companies’ websites for sale.

XBash Malware Discovered

Researchers have discovered XBash, a malware with ransomware, botnet, and coin-mining functionalities. According to their research, XBash abuses weak passwords and unpatched vulnerabilities and is capable of spreading rapidly within an organization’s network. Researchers found that XBash targets Linux-based systems specifically for its ransomware and botnet capabilities, and targets Microsoft Windows-based systems primarily for its coin-mining and self-propagating capabilities.


Adding Threat Communities

on September 12, 2018


Perch Security connects you to all your threat intel sources (so you can actually use them). CISO Wes Spencer shows you how, with his typical panache.



In this weekly threat report, we’ll cover two topics: 380K British Airways users skimmed by Magecart breach, and the Mirai/Gafgyt botnets get upgraded to fly first class with Apache Struts & SonicWall exploits.

Mirai & Gafgyt get an upgrade

Security researchers uncovered two botnet variants of Mirai and Gafgyt (BASHLITE), upgraded to take advantage of vulnerabilities. Both IoT botnets have been associated with DDoS campaigns since November 2016. The Gafgyt version exploits the SonicWall vulnerability (CVE-2018-9866) that affects older unsupported SonicWall Global Management Systems (GMS 8.



See all your threat intelligence sources, compare performance, and predict trends on Perch's Communities tab. Perch Security CISO Wes Spencer deftly demonstrates in this short video.



A Ryuk ransomware campaign targeting large organizations in the US and around the world has made the attackers behind it over $640,000 in bitcoin in the space of just two weeks. It appears to be connected to Lazarus, the hacking group working out of North Korea. The Ryuk campaign is targeting enterprises that are capable of paying a lot of money in order to get back on track. Secondly, security researchers at Kaspersky Lab have uncovered a new campaign dubbed “AppleJeus” being carried out by the North Korean APT group Lazarus.
