Dynamic Data Exchange (DDE): Detection and Response, Part 1
Malicious actors have begun using Microsoft’s Dynamic Data Exchange (DDE) mechanism to deliver payloads via Microsoft Office documents instead of the traditional embedded macros or VBA code. Specially crafted Microsoft Office documents sent via email can be used to carry…
Read More
February 12, 2018
Ensure Your Systems Are Patched from Meltdown and Spectre Vulnerabilities
Posted by: LogRhythm Labs
Contributors to this blog include Nathaniel Quist and Dan Kaiser. Last week, we provided background on Spectre and Meltdown vulnerabilities in our LogRhythm Labs Security Advisory on Spectre and Meltdown blog. In response to these vulnerabilities, LogRhythm Labs has developed…
Read More
January 11, 2018
Security Advisory: Meltdown and Spectre Vulnerabilities
Posted by: LogRhythm Labs
Between January 3 and 4, 2018, three vulnerabilities in processor hardware were made public that affect nearly all modern architectures. Impacted architectures include Intel, AMD, and ARM. If successfully exploited, an unprivileged process on an affected system could read privileged…
Read More
January 5, 2018
8 Information Security Predictions for 2018
Posted by: LogRhythm Labs
2017 has been another year full of front-page computer security events and incidents. Headlines have bulged with state-sponsored attacks, ransomware, leaks, and a continuing wave of data breaches. As we welcome 2018, we’ve not only reflected on the cyberattacks of…
Read More
January 2, 2018
One Compliance Module to Rule Them All: Consolidated Compliance Framework
Posted by: LogRhythm Labs
The continued growth, proliferation, and awareness of cybersecurity as a necessary focus for all companies has helped revolutionize the global compliance landscape. A growing number of old regulations have been re-factored to include more stringent cybersecurity controls. New regulations are…
Read More
December 13, 2017
Information Security Predictions for 2017 – How Did We Do?
Posted by: LogRhythm Labs
Around this time every year, we dust off our crystal ball, pull out the casting runes, and ruminate over what might happen in the world of Information Security in the year to come. While we are gathering information for our…
Read More
December 6, 2017
Phishing Intelligence Engine (PIE): Open-Source Release
We are pleased to announce the release of the LogRhythm Phishing Intelligence Engine (PIE), an integrated app with LogRhythm’s NextGen SIEM Platform. What is Phishing Intelligence Engine (PIE)? LogRhythm’s PIE can help streamline and automate the entire process of tracking,…
Read More
November 8, 2017
Bad Rabbit Ransomware Technical Analysis
Posted by: LogRhythm Labs
Update: Further analysis of the code revealed new information regarding the spread of Bad Rabbit across the network. This post has been updated to reflect this new information. Bad Rabbit Ransomware Background On the afternoon of October 24, 2017 (BST),…
Read More
October 27, 2017
The Reality of Ransomware
As the ransomware landscape continues to quickly change and evolve, every CISO also needs to evolve their business continuity and disaster recovery plans to ensure the impacts of ransomware can be minimized. If you haven’t updated your business continuity and…
Read More
September 18, 2017
What is the GDPR and How Can You Prepare?
The General Data Protection Regulation (GDPR) is the world’s first attempt at implementing big data compliance regulation, and it seems to be inspiring some fear throughout the compliance industry. Now that GDPR has come to combat the uptick in cyberattacks,…
Read More
September 7, 2017
Breaking Down the Anatomy of a Phishing Attack
Anatomy of a Phishing Attack Detecting a spear phishing attack can often be like searching for a needle in haystack. However, your security operation center (SOC) analysts can use LogRhythm’s SmartResponse™ and AI Engine to rapidly detect and respond to…
Read More
August 23, 2017
Mamba Ransomware Analysis
Posted by: LogRhythm Labs
Mamba Ransomware Background In September of 2016, a strain of ransomware was found in the wild which performed full disk encryption. According to Kaspersky Lab researchers1, this ransomware strain named “Mamba” now appears to be re-circulating, primarily in Brazil and…
Read More
August 15, 2017
How to Make Your SIEM Speak
Your security teams can be responsible for managing a number of logs, so how do you make malicious behavior and alerts stand out? Using LogRhythm’s SmartResponse™, you can make your SIEM speak to you and audibly alert to a threat.…
Read More
August 8, 2017
Identifying PowerShell Tunneling Through ICMP
Hackers are constantly looking for ways to bypass traditional network defenses, and exploiting the Internet Control Message Protocol (ICMP) as a covert channel for a reverse shell is a commonly used method for attack. However, you can use LogRhythm’s NetMon…
Read More
July 26, 2017
Analyzing ICMP Traffic with NetMon
The Internet Control Message Protocol (ICMP) is one of the foundational internet protocols that define how systems talk to each other. Commands such as ping and traceroute are supported by ICMP. Based on request for comments (RFC) 792, ICMP has…
Read More
July 26, 2017
Automate Project Management with SmartResponse
The SIEM is a great central aggregate for case data and analytics, but also has the ability to give your team back valuable time if you take advantage of automation. The more automation you can build into a SIEM, the…
Read More
July 20, 2017
Using the Internet of Things and SmartResponse to Receive SIEM Alarms
Wouldn’t it be great if you could be notified of SIEM alarms through the Internet of Things (IoT)? Well, now you can! Introducing the Philips Hue SmartResponse™ and PowerShell script. Imagine that your analysts are busy working on other things,…
Read More
July 6, 2017
NotPetya Technical Analysis
In our Detecting Petya/NotPetya post, we described the way in which NotPetya (or “Nyetna” as it has also been named) spreads to other systems on the network without use of the ETERNALBLUE/ETERNALROMANCE SMBv1 exploits. (Although the code contains the ability…
Read More
June 30, 2017