Threat Research

Ransomware-as-a-Service Breakdown: Auditing Conti and REvil TTPs Using the MITRE ATT&CK Framework


An Overview of Cloud-Native Security Approaches

Responsibility for cloud security is shared between the cloud service provider’s (CSP) security department and the corporate information security team. In order to ensure compliance, visibility, and control across the entire stack of applications, the cloud service providers and various…


Don’t Gamble with Golden SAML


Moving Laterally to the Microsoft 365 Cloud Using a Simulated Domain Trust Modification Attack


Dissecting the Golden SAML Attack Used by Attackers Exploiting the SUNBURST Backdoor


How to Audit and Test for Sudo’s CVE-2021-3156 with LogRhythm

TL;DR: Qualys has reported that Sudo, before 1.9.4p2, has a heap-based buffer overflow vulnerability that allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. Detecting a successful exploit of the…


Ransomware Prevention Panel: How to Address a Pervasive and Unrelenting Threat

Watch this on-demand webcast to dive deeper into the themes explored in the SANS white paper “How to Address a Pervasive and Unrelenting Threat,” written by SANS instructor Justin Henderson. Along with Justin, you’ll learn from a panel of cybersecurity experts about how to protect against infection vectors, the latest trends in ransomware attacks, and how defending against ransomware changes when considering remote workforces.


Anatomy of a Hacker Group: APT29 (AKA Cozy Bear)

Watch the on-demand webinar now to learn from members of LogRhythm Labs’ threat research team and Randy Franklin Smith of Ultimate Windows Security, who will do a deep-dive into the APT29 threat group, their activities, and how you can automate the detection and mitigation of threats either associated with the group or that use similar techniques.


Insights and Included Content to Protect Your Organization During Times of Crisis

In times of crisis and uncertainty, nefarious threat actors have always preyed on the public and worked to exploit the situation for their benefit. The COVID-19 pandemic is no exception, as attackers have begun to masquerade and disguise common cyberattacks…


Examining the baseStriker Vulnerability

The zero-day “baseStriker” vulnerability is still widely in use, but do you know what to look out for if it finds its way into your organization? While 18 months have passed since Microsoft developed a fix for the vulnerability that…


NotPetya Anniversary — Is a Version 2 Coming?

Just over a year ago, the world saw two major ransomware outbreaks in short succession. The first was WannaCry, followed by NotPetya a few weeks later. Unlike WannaCry, NotPetya infected machines on a network by exploiting the devices that were…


Detecting Drupalgeddon 2.0

Despite a patch being released for the Drupal vulnerability known as Drupalgeddon 2.0, educational institutions and government entities globally are still feeling its impacts. Since its release on March 28, 2018, the bug has impacted about 1 million sites that…
