Thoughts From the Nest

Blog, updates and release notes.

Threat Report Thursday April 4th 2019

on April 4, 2019


This week Skylight Cyber bursts Kaspersky’s Shadowhammer bubble. Dive into some Apache and PHP 0-days. Also, both Cisco and Georgia Tech learn that there are no second chances in security.

BARIUM likely responsible for Shadowhammer

Kaspersky is slow dripping information on Shadowhammer, but the community is not waiting. Out of 57,000 observed infections, Kaspersky identified only 600 targets Shadowhammer targeted for second stage infection. Shadowhammer identifies targets based on a unique identifier assigned to a network interface controller (NIC), called a media access control address (MAC address).

Threat Report Wednesday March 27th 2019

on March 27, 2019


Supply chain attacks have been a growing threat for years. For any growing business, a dependence upon partners allows the business to focus on its core mission. In many cases, this involves either making technology partnerships or adopting technology platforms through mergers and acquisitions. Any of these changes requires analysis to determine what new risks may be incurred. This week we’re focusing on recent news related to supply chain attacks, and the risks of taking on new technology through adoption or acquisition.

ConnectWise Launches New Security Assessment Tool for Managed Service Providers

Perchy on March 26, 2019


ConnectWise today announced the launch of ConnectWise Identify™ which allows managed service providers (MSPs) to easily assess their own and their customers’ current security posture against a wide variety of malicious cybersecurity threats. The result is an easy-to-understand, customized risk report with remediation options, all from a single pane of glass, that has implications for the entire business, not just the network. View the rest of the article here.

Release Notes

March 25, 2019


New
Add sensor name to the Sensor Detail page

New
Org should persist on refresh

New
Improve Perchybana dashboard importing speed

New
Require users sign ToS

New
Confirm emails for new users

New
Sensor outage emails

Bugfix
Fix counting issue on new record creation

Bugfix
Suppression statistics always show 0%

Bugfix
2FA status shows as unknown

Bugfix
The remediation graph on the right isn’t displaying data

Bugfix
Sensor details does not load

Bugfix
IP Count for MSP isn’t showing when MSP is selected

Bugfix
Details page is too wide and scrolls on some screens

Bugfix
Inaccurate private IP counts

Bugfix
Use Indices Queries to select indexes, keeping URLs short

Threat Report Wednesday March 20th 2019

on March 20, 2019


Ever wonder what attackers do once they get code execution on your hosts? Easy, they roll out ransomware or crypto miners to maximum effect. This week we’re focusing on rats, ransoms, and miners.

RATS!

Remote access trojans (RATs) on a corporate system may serve as a key pivot point to access information laterally within an enterprise network. By analyzing network metadata, Recorded Future analysts were able to identify RAT command-and-control (C2) servers, and more crucially, which corporate networks were communicating with those controllers.

Threat Report Wednesday March 13th 2019

on March 13, 2019


This week we’re going to learn about some 0-day vulnerabilities that have been running wild. Then we’re going to close out with some techniques red teamers and threat actors are using to bypass controls, pop shells, escalate privilege, and own your systems.

Four horsemen of the exploit apocalypse ride wild

In February, researchers reported to Microsoft that attackers in the wild were using a 0-day exploit to escalate Windows privileges. Microsoft has just released a patch crediting Kaspersky Lab researchers, Vasiliy Berdnikov and Boris Larin, with the discovery of a vulnerability in win32k.

Release Notes

March 11, 2019


New
Allow opening navigation links in new tabs

New
Child Customer IP counts

New
Make comments more accessible

New
Side navigation revamp

New
Add option to open some links in existing or new tab

Bugfix
Since You’ve Been Gone does not wrap or truncate

Bugfix
No Analyzers to Run

Bugfix
Noisy alerts cause alert queue to back up

Bugfix
Some ConnectWise companies are not returned in configuration dropdown

Threat Report Thursday March 7th 2019

on March 7, 2019


This week we’re focusing on ransomware. Let’s take a look at two new pieces of ransomware, a ransomware infrastructure service, how ransomware is distributed, and what you can do about it. Spoiler: if you don’t already have plans to secure backups of your mission-critical data, you’re going to make some after this week’s threat report.

Jokeroo RaaS is ready for your SaaS

Last week I predicted a GandCrab variant would be released on a specific underground, and looky here.

How can I help?

on March 5, 2019


“How can I help?” – seems like a simple question to ask. It wasn’t until I started watching a new medical drama last fall that I started asking this question myself. In the show, the premise of the question is supposed to invoke optimism and hope in a profession that is otherwise known for the bureaucratic red tape of the healthcare system. Fortunately, in my line of work it is not as regulated as this (even though it could be – let’s save that for another blog), but in asking this question of my colleagues, partners, and clients it has provided me a wealth of opportunity that I would otherwise not have experienced.

Release Notes

February 28, 2019


New
* Managing providers can see their customers' providers to help coordinate responses to threats
* Filter by geo points in Perchybana
* Dashboards in Perchybana now support src_ip


Bugfix
* Bug fixes and tweaks for the new navigation
* Fixed a bug where status was not displaying in some alert status change emails

