Cyber Intel Brief for January 24, 2022

Cyber / MSP / MSSP
No major attacks have occurred this week; however, MSPs will remain a top target for attackers. Phishing will remain the top attack vector throughout 2022. 94% of all malware is delivered by email, using social engineering techniques to trick users into opening malicious attachments or links. Phishing attacks still continue to grow rapidly: just this year, Acronis reported blocking 23% more phishing […]

Log4Shell CVE-2021-44228

Vulnerability Overview
On December 10, 2021, the Apache Software Foundation released a security advisory to address a remote code execution vulnerability (CVE-2021-44228) affecting Log4j versions 2.0-beta9 to 2.14.1. A remote adversary could exploit this vulnerability to take control of an affected system. Log4j is an open-source, Java-based logging utility widely used in enterprise applications and cloud services. Private organizations, law enforcement, and security service providers are responding to active, widespread […]

Threat Brief – Purple Fox Malware

By: Tyler Horner, 2021-March-29
Executive Summary
Purple Fox is an active malware campaign targeting Windows machines. Until recently, Purple Fox’s operators infected machines using exploit kits and phishing emails. Guardicore Labs have identified a new infection vector for this malware in which internet-facing Windows machines are being breached through SMB password brute force. Guardicore Labs have also identified Purple Fox’s vast network of compromised servers hosting its dropper and […]

2020 Zoom Meeting & Windows Credential Leaking

Issue Overview
There has been a lot of news recently about an issue in Zoom which reportedly exposes users to attacks in which a remote threat actor collects the victim’s username and hashed password. The attacker would then use password cracking tools to recover the victim’s password and gain unauthorized access to resources. The truth is that the underlying issue is with the way Microsoft Windows systems are […]

Incident Preparation: Data Retention

Many factors go into developing a good data retention policy, including client, partner and regulatory requirements, operational needs, and your own service delivery model. Don’t forget to factor in the risks of retaining too much data, retaining required data for longer than necessary, or the need to minimize data, and how your risk can increase exponentially if these decisions are not made carefully.

Understanding Ransomware

CYBERSECURITY SPOTLIGHT: RANSOMWARE
Ransomware Defined
Ransomware is a class of malicious software (malware) that holds the victim’s computer system and data hostage with a demand for a ransom payment to restore access. Ransomware typically uses file-level or full-disk encryption to lock the victim out, preventing access to their system and/or the data on it. The effects of a ransomware attack can be devastating in terms of data […]

Understanding the Threat: Malvertising

Malvertising, is that even a word? It isn’t some cutesy celebrity couple’s name; instead, it is when malware is delivered through online advertising, hence the name “Malvertising”. This is a fan favorite among attackers because it can spread malware through legitimate websites without having to compromise the actual site. How do they pull this off? We have all seen the ads over to one side while […]

Managed Security Monitoring for the SMB

The Need for Managed Security Monitoring in the SMB Space
We received a call to work a malware incident at a small healthcare firm in the Pacific Northwest. We contacted their IT admin, got a remote session going and started collecting initial information to do some quick triage and find out what we were dealing with. Our security engineer quickly identified the malware as SynAck ransomware, and it had compromised […]

RANSOMWARE AS A SERVICE

[Image: SATAN RAAS page]

Ransomware as a Service (RAAS) Overview
Just like you can run your website on an Infrastructure as a Service platform or use a popular CRM system (rhymes with Gale’s Horse) that is referred to as Software as a Service, threat actors can get malware from platforms offering Ransomware as a Service, complete with customization, obfuscation, packing, and a billing service so that the hacker and the RAAS folks […]

Understanding the Threat: PowerShell Attacks

Wait a minute, what is a “PowerShell attack” anyway? Attackers are always looking for ways to bypass security, and PowerShell has become a fan favorite among them. PowerShell is present on every system running Windows 7 or Windows Server 2008 and higher. It is primarily used for system administration, and most companies don’t monitor PowerShell activity. That, along with the fact that PowerShell scripts can deliver code without touching […]