Thoughts From The Nest

Blog, updates, and release notes


“Cisco is partnering with Perch Security to deliver a new security solution for managed service providers (MSPs) who are challenged by an evolving threat landscape. MSPs are on the front lines of protecting their clients against data breaches, malware, ransomware and other attacks for which they are often unprepared. To address these threats, Cisco is applying its security expertise and portfolio to MSPs in partnership with Perch to bring them the tools that will strengthen their security posture and better protect both themselves and their clients.


Release Notes

October 21, 2019


New: Added debugging information for integrations
New: Added CISCO AMP4E integration
New: Improved performance for alerts and related API calls
New: Created an immutable token for winlogbeats
Bugfix: Fixed indicator details view
Bugfix: Fixed customer contacts
Bugfix: Fixed Elasticsearch errors for large customers
Bugfix: Fixed ConnectWise Automate app feature for Isolate Host Script represented as a number in the UI
Bugfix: Fixed SQS message generation
Bugfix: Fixed suppression for IP generating alerts for given IP
Bugfix: Fixed MSP organizations setting up new subordinate orgs for their customers being marked as MSP
Bugfix: Fixed event notifications missing Index Types
Bugfix: Fixed alerts for app crashes when False Positive is clicked
Bugfix: Fixed event notifications which encounter Null Pointer Exception in ES Query
Bugfix: Fixed special characters in notification name breaking Perchybana links
Bugfix: Fixed new event notifications with simple schedule failing
Bugfix: Fixed TypeError in alert processing suppression counts
Bugfix: Fixed View in Perchybana links
Bugfix: Fixed Perchybana 414 Request-URI too large
Bugfix: Fixed FFIEC report export
Bugfix: Fixed Create Index Pattern being displayed when user checks Perchybana

A new MSP cybersecurity conference is set to launch in January 2020. The event, hosted by Perch Security, is dubbed PerchyCon. The Tampa, Florida-based conference is designed for MSP and MSSP owners as well as infosec practitioners. Perch Security offers co-managed threat detection and response (MDR) services. The company has a growing base of MSP partners, plus investment backing from ConnectWise and Fishtech Group. Get the full article here.



Did you miss us last week? We’ve been busy investigating some recent threats and have an update for you in this week’s threat report. Hackers get hacked for 26M cards, APT35 returns with a new campaign using non-standard link shorteners, Diamond Fox gets demo’d on YouTube, and Bishop Fox releases Pwn Pulse POC.

Hackers pilfer underground hack store for 26M stolen credit cards

One of the largest underground stores for buying stolen credit card data, BriansClub, was hacked.



“We’re thrilled to name Perch Security a winner as Managed Detection and Response (MDR) and also Intrusion Detection System (IDS) in our Global Awards program. They won these awards because they pioneered threat detection – an innovative approach to defeating the next generation of cyber criminals,” said Gary S. Miliefsky, Publisher, Cyber Defense Magazine. Get the full story here.

About Cyber Defense Global Awards

This is Cyber Defense Magazine's seventh year of honoring InfoSec innovators from around the globe.



A new-ish customer asked us this week about the quality of their ransomware detection coverage (based on the intel feeds they were pulling in), and how Perch handles ransomware. It was a great question, so I thought I would recap it here and share it with all of you. Intel on ransomware: Perch has a large and ever-growing amount of detections for ransomware. Here are just a few examples if you’d like to take a look.



Threat actors are focusing their attention on a number of different industries in this week’s threat report. U.S. Oil and Gas RATs, defense contractors with sensitive info hit by ransomware, and a bunch of well-known online publishers are targeted for malvertising. It’s a good week to join your industry’s ISAC/ISAO if you have one. In addition to the industry-focused infections, we’ve got another critical EXIM vulnerability, and new Windows malware, Nodersok, is teaching lessons about living-off-the-land.



In this week’s threat report, we’re covering some out-of-band critical patches released by Microsoft to prevent code execution, a malspam campaign targeting U.S. utilities, some new variants of info-stealing malware for Mac, and a 0-day in popular forum software.

Microsoft releases emergency patches

Microsoft released two out-of-band security updates for a remote code execution vulnerability tracked as “CVE-2019-1367” and a denial-of-service vulnerability tracked as “CVE-2019-1255”. CVE-2019-1367 allows attackers to execute arbitrary code in the context of the current user.


Release Notes

September 24, 2019


New: Migrate Private Team Comment emails to organization settings
New: Create custom event notifications and log alerts for Perchybana
Bugfix: Fixed issues with exporting login history in Perch
Bugfix: Fixed app displaying “Select an Org” while loading
Bugfix: Fixed Perchybana redirect loop

In this week’s threat report we’re covering a variety of topics. Summer is over and the fall malspam campaigns have arrived, multiple open databases have led to a loss of valuable data, and a wiry new malware dropper jumps into action. Let’s get this party started.

Summer vacation is over for Emotet

Emotet-infected hosts began communicating with command and control infrastructure, which pushed updates to the bots, and started a new malspam campaign on 9/16/19 after taking the summer off.
