LogRhythm Labs

Monitor Zoom Security and Privacy Risks Using the LogRhythm NextGen SIEM

The mass migration to remote working in recent times has caused an increased focus on the security of remote collaboration tools. LogRhythm has found a variety of these tools in our customer base and has built collection methods and analytics…

Read More

Detecting Young Domains with Palo Alto Networks and LogRhythm

As the world continues dealing with a pandemic involving the coronavirus disease (COVID-19), malicious campaigns are well underway. For example, an opportunistic attacker will leverage a user’s sense of urgency and curiosity to prompt them to open a malicious email,…

Read More

5 PCI-DSS Compliance Questions Every Security Analyst Should Ask

If you are involved in taking payment for a good or service of any kind, you are likely required to comply with the Payment Card Industry Data Security Standards (PCI-DSS). This comprehensive security framework and compilation of best practices applies…

Read More
RiskIQ COVID-19 Domain List

Using Open-Source Intelligence to Detect Attacks Using Newly Created Domain Names

When high-profile threats surface, they are often accompanied by a flurry of information sharing from security researchers and practitioners. The information they share can be delivered in a variety of formats. For example, following the recent malware activity surrounding the…

Read More

Detect Phishing Campaigns and Stolen Credentials with Custom AI Engine Rules

Attackers have been known to take advantage of world events to increase their use of phishing, social engineering, malware delivery, and numerous other nefarious attacks. The recent COVID-19 pandemic is no exception as attackers are currently creating custom campaigns to…

Read More
Remote work

Insights and Included Content to Protect Your Organization During Times of Crisis

In times of crisis and uncertainty, nefarious threat actors have always preyed on the public and worked to exploit the situation for their benefit. The COVID-19 pandemic is no exception, as attackers have begun to masquerade and disguise common cyberattacks…

Read More

Living Off the Land Attacks with Scheduled Task

In our previous living off the land (LotL) blog post, we discussed why attackers use tools that already exist in the environment to plan an attack. But what role does Microsoft Scheduled Tasks in an attacker’s plan? In this post, we’re…

Read More

LogRhythm Labs: Cybersecurity Expertise Delivered into Your LogRhythm Deployment

What is LogRhythm Labs? LogRhythm Labs is the team that researches and creates the content that goes into the LogRhythm NextGen SIEM Platform. The team mission is to: Research and deliver world-class security, compliance, intelligence, and operational risk content to protect our customers…

Read More
4 Trending Phishing Techniques

4 Trending Phishing Techniques: Real-Life Examples and Tips for Detection

Many successful attacks begin with a phishing email that some user falls for. And that’s why MITRE prominently features Spearphishing (T1192) as an Initial Access technique in ATT&CK. View the on-demand webinar with Ultimate Windows Security to learn about the latest phishing techniques used by attackers and how MITRE ATT&CK can help detect and remediate these threats.

Read More

Beware of Coronavirus Phishing Attempts — Tips to Keep Your Organization Safe

Coronavirus: it’s what every news outlet and person is talking about. With the outbreak of the infection, people want to stay up to date on the latest news and reports, so they’re looking up data and clicking on links to…

Read More

What Are Living Off the Land Attacks?

In the physical world, “living off the land” simply means to survive only by the resources that you can harvest from the natural land. There may be multiple reasons for doing this — perhaps you want to get “off the…

Read More
Top 2019 Cybersecurity Themes

2019 in the Rearview, 2020 in the Windshield

2019 was a big year for IT security whichever way you choose to look at it. Huge volumes of records were exposed, loads of organizations experienced a ransomware attack, skimmers compromised countless websites, and European authorities issued massive fines under…

Read More
Cybersecurity Predictions for 2020

8 Cybersecurity Predictions for 2020

As we do each year, the LogRhythm Labs team came together recently to reflect on the year in cybersecurity and think about what’s to come. 2019 was definitely interesting. Breaches continued to keep organizations on their toes, with over 5,000…

Read More
The zero-day “baseStriker” vulnerability

Examining the baseStriker Vulnerability

The zero-day “baseStriker” vulnerability is still widely in use, but do you know what to look out for if it finds its way into your organization? While 18 months have passed since Microsoft developed a fix for the vulnerability that…

Read More
Panel of LogRhythm Experts Discuss Security Awareness Programs

Experts Weigh in on National Cybersecurity Awareness Program

In honor of National Cybersecurity Awareness Month, we sat down with some of our security experts to talk about their experience raising awareness in the industry and implementing cyber training. Read the interview to get their thoughts and some inspiration…

Read More
LogRhythmIT Operations Module Dashboard

Exploring IT Operations with LogRhythm

The LogRhythm NextGen SIEM Platform collects, classifies, and normalizes log data from over 800 unique source types. At LogRhythm, our focus has always been on identifying and mitigating security threats through monitoring, alarming, and event log correlation. And while we…

Read More

How to Balance Security Maturity and Compliance with LogRhythm

Compliance doesn’t guarantee prevention against a breach, and it never will. Various frameworks, legislation, and regulations are meant to lay part of the foundation for organizations to build and expand on; though this rarely is the case. While different industries…

Read More
Compromise: Abnormal Process Activity” from the UEBA module

Aligning the LogRhythm NextGen SIEM Platform with the MITRE ATT&CK Framework

Contributors to this blog include Dan Kaiser and Brian Coulson. The MITRE ATT&CK framework is quickly becoming a focal point in the security world — and for good reason. This framework provides a consistent, industry-wide standard on which you can…

Read More