Blog | Perch Security

Threat Report Wednesday May 29th 2019

Paul Scott on May 29, 2019

The threats are out there but sometimes they’re in our own house too. Over the last week we’ve learned about a number of large data leaks and breaches. We should be having serious discussions about data security, but instead Germany suggests an end encryption. I’m not the only one throwing shade this week. Baddies are throwing Shade in a new ransomware campaign. Let’s dig in. One billion records breached last week Over the last week, the news was filled with disclosures from organizations about data leaks and data breaches.

Threat Report Thursday May 23rd 2019

Paul Scott on May 23, 2019

Mea Culpa! I know I usually post this on Wednesday, but it’s been a very busy week at Perch. I’m working out of our Florida nest to meet new partners and collaborate with existing and new Perch threat intelligence partners. Lots of neat stuff happening this week, but I’m going to keep it short and sweet. No summary intro, we’re going in hot. Let’s get this party started. Sandbox escaper drops 0-days and 0-day PoCs on Twitter One on my new favorite security researchers to follow is SandboxEscaper because of her impeccable timing for releases just after a Microsoft Patch Tuesday.

Release Notes

May 20, 2019

New

Unified community/indicator component

New

X-Pack security support

Bugfix

Fix for a number of date related errors

Bugfix

Fix for configuring email integration does not work

Bugfix

Fix for closed escalations not filtering by org

Bugfix

Fix for ConnectWise layout broken on FireFox

Bugfix

Fix for Perchybana link not displaying

Bugfix

Fix for quick stats being miscalculated when time range changed

Bugfix

Fix for counts in threats/alerts not matching indicator details

Bugfix

Fix for software items failing to load on add/edit pages

Bugfix

Fix for sensor page not reloading on refresh

Threat Report Wednesday May 15th 2019

Paul Scott on May 15, 2019

Lot’s of big game hunting in this weekly threat report. Forbes.com just got popped by credit card skimming pro, MageCart. A number of nasty vulnerabilities are getting the spotlighted in WhatsApp, Windows Remote Desktop, and SQLite. And Hidden Cobra, aka Lazarus, drops a new tunneling tool titled Electricfish. Forbes Magazine compromised: MirrorThief skims MageCarts’ modus operandi We’ve covered MageCart a few different times over the last year, so I thought I’d make you aware of recent events in e-commerce skimming.

Release Notes

May 13, 2019

New

X-Pack Security, per user Kibana yml

New

Perchybana X-Pack Auth

New

Update requests to ES to pass user credentials

Bugfix

Sensors endpoint isn’t returning data

Bugfix

True/False positives graph is showing 0 on Org Homepage

Bugfix

Alert not showing in SOC queue

Bugfix

Inconsistent data for monitored assets + suppressions/escalations

Bugfix

Suppressions and Escalations charts date axis not filtered

Bugfix

Sensors - endpoint isn’t returning data

Medical devices: Exploit waiting to happen?

Jeremy Walczak on May 10, 2019

Vulnerability disclosures, patches, threats and new attack vectors; healthcare organizations have an ever-growing responsibility to ensure patient safety, information protection and 24x7 uptime responsibilities for critical systems. Couple that with regulatory compliance requirements, hundreds (if not thousands) of medical device manufacturers and a talent shortage in the information security industry and you have what can appear to be an insurmountable charge to ensure the organization has a comprehensive security program.

Threat Report Wednesday May 8th 2019

Paul Scott on May 8, 2019

Get your hot keys ready, we have a boatload of indicators for you to copy and paste this week. But first, we need to cover some recent events in security. The IDF showed off military response to cyber threats with video release, APT Buckeye was hitting bullseyes a year early in timeline revelation, and ransomware was getting busy on both sides of the pond in two recently disclosed breaches.

Threat Report Wednesday May 1st 2019

Paul Scott on May 1, 2019

This week we’re looking at some crime stats related to the rise of ransomware, a DHS directive on patch management, a new strain of ransomware that leveraged a 0-day, the return of Magecart, and finally a vulnerability and IoT devices that could help Mirai-variants grow up strong. The rise of Ransomware Cybercriminals have focused on businesses during Q1 2019, with consumer threats decreasing by 24% year over year while businesses have seen a 235% increase in the number of cyber-attacks.

Threat Report Wednesday April 24th 2019

Paul Scott on April 24, 2019

Today we’re talking about some phishy fellows. Let’s start out with trends in phishing from 2018, then cover two APTs that lean on phishing with malicious documents to spread their malware infections and an IE 0-day that enables phishers to bring home the sensitive-data bacon. Finally, in completely unrelated news, we’re closing out with a critical CERT advisory for Broadcom Wi-Fi chips. Hold on to your dongles! State of the Phishy Union Since we’re talking about an IE 0-day vulnerability that’s best used through phishing and a threat actor who primarily phishes with maldocs, I thought it would be good to start with some findings on the state of the phishing in 2018 from Phishlabs.

Release Notes

April 23, 2019

New

Misc charts and detail view updates

New

All orgs onboarding progress

New

Sensor Outage Email to include additional information

New

Export escalated alerts as json or csv

New

Sorting, filtering, and actions for pages

New

ConnectWise Billing integration

Bugfix

Sensors - endpoint isn’t returning data

Bugfix

Updating ConnectWise integration for large MSP (Perch SOC) takes too long

Bugfix

Intel recent indicators shows infinite spinner

Bugfix

Onboarding_complete_at gets set when onboarding has not been finished

Bugfix

Indicator backtesting is not returning results

Thoughts From The Nest