Release Notes
August 24, 2018
- Added the ability to change an alert from “Escalated” to another status from the Dashboard
- Added the time remaining to triage an alert and fulfill the applied SLA for MSSP users
- Added SLA management for MSSP users
- Added webhook support for Alerts ( Beta )
- Added MS-ISAC and NCU-ISAO communities ( Beta )
- The new and improved Alerts list is now live and the old Alerts list has been removed
Threat Report Thursday August 23rd 2018
Stephen Coty on August 23, 2018
In August 2018, a new variant of malware - KeyPass ransomware - gained traction using new techniques like manual control to customize its encryption process. Researchers at Kaspersky Lab say that the trojan is being propagated by means of fake installers that download the ransomware module. The trojan sample is written in C++ and compiled in MS Visual Studio. It was developed using the libraries MFC, Boost and Crypto++. The PE header contains a recent compilation date.
Thinking About Your Cybersecurity Program
Chip Wickenden on August 21, 2018
The National Institute of Technology and Standards, or NIST was tasked with developing a framework that could be used to understand and manage cybersecurity defenses. So, in good government fashion they came up with a 56 page document full of dense text and tables and so on. But – and this is the important part – they summarized it into 5 functions, each a different high level action step. And that provides a good jumping off place to start thinking about a cybersecurity program for your business.
Threat Report Thursday August 16th 2018
Stephen Coty on August 16, 2018
New Zombie Boy Crypto miner Discovered. Security Researcher James Quinn has recently discovered a new monero miner worm that appears to amass $1,000 per month and uses multiple exploits to avoid detection. Unlike MassMiner crypto currency miner, ZombieBoy leverages WinEggDrop instead of MassScan to search for new hosts to infect. Secondly, Security researchers at Check Point have revealed at DefCon 26 that a cyber criminal can infiltrate a network using a vulnerability of a fax machine protocol.
Threat Report Thursday August 9th 2018
Stephen Coty on August 9, 2018
Security researchers at Proofpoint have uncovered Dreambot malware which is a new variant of Ursinif banking Trojan. Though it is still in development, it was seen spreading since July 2016 through exploit kits such as Neutrino, through phishing emails with malicious attachments, and through malvertising. Secondly Palo Alto researchers discovered a threat group named DarkHydrus carrying out credential harvesting attacks using weaponized Word documents, which they delivered via spear-phishing emails to entities within government and educational institutions in the Middle East.
Perch Security Dashboard Overview
Wes Spencer on August 7, 2018
We all need a snapshot of what's happening before we delve in. Perch Security CISO Wes Spencer shows off Perch's Dashboard, which gives users exactly that.
Threat Report Wednesday August 1st 2018
Stephen Coty on August 1, 2018
According to Trend Micro, a new exploit kit UnderMiner contains features that make it difficult for researchers to track it and reverse engineer its payloads. Trend Micro researchers state that the exploit kit is currently being used against victims in Asian countries, primarily users in Japan. Underminer delivers a bootkit that infects system boot sectors as well as Hidden Mellifera (Hidden Bee), a cryptocurrency-mining malware. Trend Micro researchers first observed the exploit kit on Jul 17, 2018.
What we're gonna do right here is go back, wayback...
Ben Marte on July 29, 2018
In 2012 I started dabbling with CMSs and as a Front End Developer whose backend expertise is dropping tables making a site with tons of features out of the box was glorious but the hindrance of using a CMS that no one tells you that you ignore is the constant updating and how vulnerable they are to hacks. Because of this (version control anyone? and many other reasons) I stopped using CMSs but I still had a few sites I no longer updated running on a CMS (no it’s not wordpress 💩), anyways recently said CMS got hacked and since I didn’t keep the CMS up to date my sites were affected by said hack 😑.
Release Notes
July 27, 2018
- Added API support for MSSPs and upcoming SLA management
- Added a new Organization Settings ( Beta )
- Added specialized rule files for Tiny Form Factor sensors
- Updated the Escalated Alerts color to a friendlier shade of yellow
- Fixed a bug when joining communities during the sign up process
- Fixed a bug with firewall blacklist options on the Alerts ( Beta ) suppression modal
- Fixed a bug with IPs not populating in the Alerts ( Beta ) False Positive Modal
- Removed deprecated API endpoints for rule files
- Updated weekly emails to use an improved, automated process
In 1992, Microsoft released Minesweeper alongside Windows 3.1. We can only imagine the purpose Microsoft originally intended, but most of us know Minesweeper as the worst Cookie Clicker clone ever designed. We’d fire it up and click all over the board until the smiley face turned sad (and dead). Sometimes we’d get pretty far; sometimes wide swaths of the board opened up, and we knew we were probably some kind of genius, fated to discover new physics, or a way to recycle sewage into edible food.
Subscribe to our blog