TL;DR First and foremost, apply patches to the Exchange infrastructure. Assume compromise. It’s been reported that the attackers launched a massive compromise attack against 60,000+ Exchange Servers before patches became available, and many other attackers are actively looking for exploited…
Read MoreMarch 17, 2021
How Process Creation Events Can Be Centralized for Ease of Analysis Process creation events are written to the Windows Event Log on the local endpoint where they are generated. This raises an obvious issue for defenders looking to proactively review these…
Read MoreMarch 15, 2021
What is SIEM? SIEM stands for security, information, and event management. SIEM technology aggregates log data, security alerts, and events into a centralized platform to provide real-time analysis for security monitoring. Security operation centers (SOCs) invest in SIEM software to…
Read MoreMarch 12, 2021
Security professionals are widely adopting MITRE ATT&CK™ for network threat hunting. ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge, and it represents a globally accessible information base of adversary tactics and techniques based on real-world observations. MITRE ATT&CK provides…
Read MoreFebruary 26, 2021
TL/DR Qualys has reported that Sudo, before 1.9.4p2, has a heap-based buffer overflow vulnerability that allows privileged escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. Detecting a successful exploit of the…
Read MoreFebruary 23, 2021
Implementing a Zero Trust framework across an organization requires leading with a “never trust and always verify” mindset to secure your data and resources. Over the years, organizations have increasingly implemented Zero Trust frameworks into their environment because technological advancements…
Read MoreFebruary 22, 2021
