SIEM & Log Management with Humio (Now LogScale)
Log management refers to cataloging and monitoring network activity, identifying system events, and storing user requests across a network. A variety of machines, systems, and...
Threat Intelligence Bulletin – Router RATs, Chinese APTs, and the 25 Most Dangerous Software Flaws
Phishing campaign using Azure Front Door in attacks https://www.helpnetsecurity.com/2022/06/27/azure-front-door-phishing-attacks/ Outline of phishing campaign abusing QuickBooks cloud domain https://www.darkreading.com/remote-workforce/cyberattackers-abuse-quickbooks-cloud-service-ouble-spear-campaign Experts warn of emerging “Black Basta” ransomware...
Threat Intelligence Bulletin – Vulnerable QNAP NAS Devices, Phishing Campaign Delivering Cobalt Strike, and Atlassian Confluence Flaws
Ransomware targeting vulnerable QNAP Network Attached Storage devices https://www.bleepingcomputer.com/news/security/qnap-nas-devices-targeted-by-surge-of-ech0raix-ransomware-attacks/ PHP flaw in QNAP Network Attached Storage devices leads to RCE vulnerability https://www.bleepingcomputer.com/news/security/critical-php-flaw-exposes-qnap-nas-devices-to-rce-attacks/ Threat analyst outlines...
Threat Intelligence Bulletin – Exchange Servers Targeted, Panchan Botnet, and Linux Rootkits
DoS vulnerability in envoy proxy allows for attackers to crash the proxy server https://www.darkreading.com/cloud/dos-vulnerability-envoy-proxy-crashes Syslogk Linux rootkit using magic packets to trigger dormant backdoors https://www.bleepingcomputer.com/news/security/new-syslogk-linux-rootkit-uses-magic-packets-to-trigger-backdoor/...
Threat Intelligence Bulletin – CISA Adds New Vulnerabilities to Catalog, Linux Symbiote Malware, and the Most Common Exploit Paths for Q1 2022
Chinese state-sponsored threat actors targeting VPNs and network devices using several older, well-known flaws https://www.zdnet.com/article/nsa-fbi-warning-hackers-are-using-these-flaws-to-target-vpns-and-network-devices/ New phishing campaign spreading SVCReady malware using shellcode hidden in...
Threat Intelligence Bulletin – Follina, Stolen VPN Credentials, and Telegram Phishing
Microsoft Office zero-day ‘Follina’ (CVE-2022-30190) exploiting Support Diagnostic Tools https://threatpost.com/zero-day-follina-bug-lays-older-microsoft-office-versions-open-to-attack/179756/ https://www.zdnet.com/article/this-zero-day-windows-flaw-opens-a-backdoor-to-hackers-via-microsoft-word-heres-how-to-fix-it/ FBI warns hackers selling VPN credentials from educational institutions https://thehackernews.com/2022/05/fbi-warns-about-hackers-selling-vpn.html Chinese hackers infecting victims...