Paul Scott on
April 4, 2019
This week Skylight Cyber bursts Kaspersky’s Shadowhammer bubble. Dive into some Apache and PHP 0-days. Also, both Cisco and Georgia tech learn that there are no second chances in security.
BARIUM likely responsible for Shadowhammer Kaspersky is slow dripping information on Shadowhammer, but the community is not waiting. Out of 57,000 observed infections Kaspersky identified only 600 targets Shadowhammer targeted for second stage infection. Shadowhammer identifies targets based a unique identifier assigned to a network interface controller (NIC), called a media access control address (MAC address).
Read More
Paul Scott on
March 27, 2019
Supply chain attacks have been a growing threat for years. For any growing business, a dependence upon partners allows for the business to focus on their core mission. In many cases, this can typically involve either making technology partnerships or adopting technology platforms through mergers and acquisitions. Any of these changes require analysis to determine what new risks may be incurred. This week we’re focusing on recent news related to supply chain attacks, and the risks of adopting new technology through adoption or acquisition.
Read More
Perchy on
March 26, 2019
ConnectWise today announced the launch of ConnectWise Identify™ which allows managed service providers (MSPs) to easily assess their own and their customers’ current security posture against a wide variety of malicious cybersecurity threats. The result is an easy-to-understand, customized risk report with remediation options, all from a single pane of glass, that has implications for the entire business, not just the network.
View the rest of the article here.
Read More
March 25, 2019
New
Add sensor name to the Sensor Detail page
New
Org should persist on refresh
New
Improve Perchybana dashboard importing speed
New
Require users sign ToS
New
Confirm emails for new users
Bugfix
Fix counting issue on new record creation
Bugfix
Suppression statistics always show 0%
Bugfix
2FA status shows as unknown
Bugfix
The remediation graph on the right isn’t displaying data
Bugfix
Sensor details does not load
Bugfix
IP Count for MSP isn’t showing when MSP is selected
Bugfix
Details page is too wide and scrolls on some screens
Bugfix
Inaccurate private IP counts
Bugfix
Use Indices Queries to select indexes, keeping URLs short
Paul Scott on
March 20, 2019
Ever wonder what attackers do once they get code execution to your hosts? Easy, they roll out ransomware or crypto miners to maximum effect. This week we’re focusing on rats, ransoms, and miners.
RATS! Remote access trojans (RATs) on a corporate system may serve as a key pivot point to access information laterally within an enterprise network. By analyzing network metadata, Recorded Future analysts were able to identify RAT command-and-control (C2) servers, and more crucially, which corporate networks were communicating to those controllers.
Read More
Paul Scott on
March 13, 2019
This week we’re going learn about some 0-day vulnerabilities that have been running wild. Then we’re going to close out with some techniques red teamers and threat actors are using to bypass controls, pop shells, escalate privilege, and own your systems.
Four horsemen of the exploit apocalypse ride wild In February, researchers reported to Microsoft that attackers in the wild were using a 0-day exploit to escalate Windows privileges. Microsoft has just released a patch crediting Kaspersky Lab researchers, Vasiliy Berdnikov and Boris Larin, with the discovery of a vulnerability in win32k.
Read More
March 11, 2019
New
Allow opening navigation links in new tabs
New
Child Customer IP counts
New
Make comments more accessible
New
Side navigation revamp
New
Add option to open some links in existing or new tab
Bugfix
Since You’ve Been Gone does not wrap or truncate
Bugfix
No Analyzers to Run
Bugfix
Noisy alerts cause alert queue to back up
Bugfix
Some ConnectWise companies are not returned in configuration dropdown
Paul Scott on
March 7, 2019
This week we’re focusing on ransomware. Let’s take a look at two new pieces of ransomware, a ransomware infrastructure service, how ransomware is distributed, and what you can do about it. Spoiler, if you don’t already have plans to secure backups of your mission critical data, you’re going to make some after this week’s threat report.
Jokeroo RaaS is ready for your SaaS Last week I predicted a GandCrab variant would be released on a specific underground, and looky here.
Read More
Mike Golz on
March 5, 2019
“How can I help?” – seems like a simple question to ask. It wasn’t until I started watching a new medical drama last fall that I started asking this question myself. In the show, the premise of the question is supposed to invoke optimism and hope in a profession that is otherwise known for the bureaucratic red tape of the healthcare system. Fortunately, in my line of work it is not as regulated as this (even though it could be – let’s save that for another blog), but in asking this question of my colleagues, partners, and clients it has provided me a wealth of opportunity that I would otherwise not have experienced.
Read More
February 28, 2019
New
* Managing providers can see their customers' providers to help coordinate responses to threats
* Filter by geo points in Perchybana
* Dashboards in Perchybana now support src_ip
Bugfix
* Bug fixes and tweaks for the new navigation
* Fixed a bug where status was not displaying in some alert status change emails
Subscribe to our blog