The threat group APT29, also known as Cozy Bear, is well-known for their alleged work infiltrating the U.S. Democratic National Committee during the 2016 presidential election cycle — but that’s only the tip of the iceberg when it comes to what…
Read MoreJune 9, 2020
In times of crisis and uncertainty, nefarious threat actors have always preyed on the public and worked to exploit the situation for their benefit. The COVID-19 pandemic is no exception, as attackers have begun to masquerade and disguise common cyberattacks…
Read MoreMarch 27, 2020
The zero-day “baseStriker” vulnerability is still widely in use, but do you know what to look out for if it finds its way into your organization? While 18 months have passed since Microsoft developed a fix for the vulnerability that…
Read MoreNovember 14, 2019
Just over a year ago, the world saw two major ransomware outbreaks in short succession. The first being WannaCry, followed by NotPetya a few weeks later. Unlike WannaCry, NotPetya infected machines on a network by exploiting the devices that were…
Read MoreJuly 5, 2018
Despite a patch being released for the Drupal vulnerability known as Drupalgeddon 2.0, educational institutions and government entities globally are still feeling its impacts. Since its release on March 28, 2018, the bug has impacted about 1 million sites that…
Read MoreJune 27, 2018
On May 23, 2018, Talos Group released its analysis of an ongoing malware attack it named “VPNFilter.” The Talos analysis indicates that this attack was first identified in 2016 and, as of June 2018, has compromised more than 500,000 endpoints.…
Read MoreJune 13, 2018
Contributors to this blog include Nathaniel “Q” Quist and Sam Straka. On April 14, 2017, Shadow Brokers released a set of previously classified exploit tools developed by the National Security Agency. Within this cache of exploits, perhaps the most notorious…
Read MoreMay 14, 2018
In June 2017, Palo Alto’s Unit 42 Threat Research team published an excellent blog post on a newly detected version of the PlugX malware family, also known as “Korplug.” Interested to find out more about this new variant, I started…
Read MoreApril 18, 2018
Contributors to this blog include Nathaniel “Q” Quist and Dan Kaiser. On February 28 and March 5, 2018, Memcached DDoS attacks targeted GitHub. LogRhythm Labs performed an investigation into the cause, effect, and outcome of these attacks. The following will…
Read MoreMarch 8, 2018
Contributors to this blog include Nathaniel Quist and Dan Kaiser. Last week, we provided background on Spectre and Meltdown vulnerabilities in our LogRhythm Labs Security Advisory on Spectre and Meltdown blog. In response to these vulnerabilities, LogRhythm Labs has developed…
Read MoreJanuary 11, 2018
