Thoughts From The Nest

Blog, updates, and release notes


The threats are out there, but sometimes they’re in our own house too. Over the last week we’ve learned about a number of large data leaks and breaches. We should be having serious discussions about data security, but instead Germany suggests an end to encryption. I’m not the only one throwing shade this week: baddies are throwing Shade in a new ransomware campaign. Let’s dig in.

One billion records breached last week

Over the last week, the news was filled with disclosures from organizations about data leaks and data breaches.



Mea culpa! I know I usually post this on Wednesday, but it’s been a very busy week at Perch. I’m working out of our Florida nest to meet new partners and collaborate with existing and new Perch threat intelligence partners. Lots of neat stuff is happening this week, but I’m going to keep it short and sweet. No summary intro, we’re going in hot. Let’s get this party started.

SandboxEscaper drops 0-days and 0-day PoCs on Twitter

One of my new favorite security researchers to follow is SandboxEscaper, because of her impeccable timing for releases just after a Microsoft Patch Tuesday.


Release Notes

May 20, 2019


New: Unified community/indicator component
New: X-Pack security support
Bugfix: Fix for a number of date-related errors
Bugfix: Fix for configuring email integration not working
Bugfix: Fix for closed escalations not filtering by org
Bugfix: Fix for ConnectWise layout broken on Firefox
Bugfix: Fix for Perchybana link not displaying
Bugfix: Fix for quick stats being miscalculated when time range changed
Bugfix: Fix for counts in threats/alerts not matching indicator details
Bugfix: Fix for software items failing to load on add/edit pages
Bugfix: Fix for sensor page not reloading on refresh



Lots of big game hunting in this weekly threat report. Forbes.com just got popped by the credit card skimming pros of MageCart. A number of nasty vulnerabilities are getting the spotlight in WhatsApp, Windows Remote Desktop, and SQLite. And Hidden Cobra, aka Lazarus, drops a new tunneling tool titled Electricfish.

Forbes Magazine compromised: MirrorThief skims MageCart’s modus operandi

We’ve covered MageCart a few different times over the last year, so I thought I’d make you aware of recent events in e-commerce skimming.


Release Notes

May 13, 2019


New: X-Pack Security, per-user Kibana yml
New: Perchybana X-Pack Auth
New: Update requests to ES to pass user credentials
Bugfix: Sensors endpoint isn’t returning data
Bugfix: True/False positives graph is showing 0 on Org Homepage
Bugfix: Alert not showing in SOC queue
Bugfix: Inconsistent data for monitored assets + suppressions/escalations
Bugfix: Suppressions and Escalations charts date axis not filtered
Bugfix: Sensors - endpoint isn’t returning data



Between vulnerability disclosures, patches, threats and new attack vectors, healthcare organizations have an ever-growing responsibility to ensure patient safety, information protection and 24x7 uptime for critical systems. Couple that with regulatory compliance requirements, hundreds (if not thousands) of medical device manufacturers and a talent shortage in the information security industry, and you have what can appear to be an insurmountable charge: ensuring the organization has a comprehensive security program.



Get your hot keys ready, we have a boatload of indicators for you to copy and paste this week. But first, we need to cover some recent events in security. The IDF showed off military response to cyber threats with video release, APT Buckeye was hitting bullseyes a year early in timeline revelation, and ransomware was getting busy on both sides of the pond in two recently disclosed breaches.



This week we’re looking at some crime stats related to the rise of ransomware, a DHS directive on patch management, a new strain of ransomware that leveraged a 0-day, the return of Magecart, and finally a vulnerability in IoT devices that could help Mirai variants grow up strong.

The rise of ransomware

Cybercriminals have focused on businesses during Q1 2019, with consumer threats decreasing by 24% year over year while businesses have seen a 235% increase in the number of cyber-attacks.



Today we’re talking about some phishy fellows. Let’s start out with trends in phishing from 2018, then cover two APTs that lean on phishing with malicious documents to spread their malware infections and an IE 0-day that enables phishers to bring home the sensitive-data bacon. Finally, in completely unrelated news, we’re closing out with a critical CERT advisory for Broadcom Wi-Fi chips. Hold on to your dongles!

State of the Phishy Union

Since we’re talking about an IE 0-day vulnerability that’s best used through phishing and a threat actor who primarily phishes with maldocs, I thought it would be good to start with some findings on the state of phishing in 2018 from PhishLabs.


Release Notes

April 23, 2019


New: Misc charts and detail view updates
New: All orgs onboarding progress
New: Sensor Outage Email to include additional information
New: Export escalated alerts as JSON or CSV
New: Sorting, filtering, and actions for pages
New: ConnectWise Billing integration
Bugfix: Sensors - endpoint isn’t returning data
Bugfix: Updating ConnectWise integration for large MSP (Perch SOC) takes too long
Bugfix: Intel recent indicators shows infinite spinner
Bugfix: Onboarding_complete_at gets set when onboarding has not been finished
Bugfix: Indicator backtesting is not returning results