Securonix Threat Labs Initial Coverage Advisory: Detection of PrintNightmare Windows Print Spooler Exploitation Activity (CVE-2021-1675, CVE-2021-34527)
Securonix » Threat Research
by Kristen Jacobsen
2y ago
Introduction Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical PrintNightmare attacks (see Figure 1) [1, 3] targeting zero-day Microsoft Windows Print Spooler Service RCE Vulnerabilities…
Threats from the Wild - Episode 3: Multi-Factor Authentication (MFA) Bypass 101: Pass-the-Cookie/Pass-the-Identity (PTC/PTI) Attack Detection Using Logs
Securonix » Threat Research
by Kristen Jacobsen
3y ago
The significant increase in remote work/work-from-home (WFH) over the past year as well as the recent high-profile attacks bypassing MFA that involved SolarWinds and cloud providers have heightened the need for the blue teams to…
Securonix Threat Labs Initial Coverage Advisory: Darkside Ransomware Targeting Critical Infrastructure Providers
Securonix » Threat Research
by Kristen Jacobsen
3y ago
Introduction Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical targeted Darkside ransomware attacks (tracked by Securonix Threat Research as RE$HOOD) with some of the recent…
Threats from the Wild - Episode 2: HAFNIUM/Exchange Aftermath: Blue Team Perspective
Securonix » Threat Research
by Kristen Jacobsen
3y ago
In this session, Oleg Kolesnikov, VP of Threat Research at Securonix Threat Labs, will share: The latest technical insights into the HAFNIUM/Exchange attacks activity in the wild observed by the Securonix Threat Labs. A demonstration…
Threats from the Wild - Episode 1: Detecting Future Variants of Sunburst
Securonix » Threat Research
by Kristen Jacobsen
3y ago
The SolarWinds/SUPERNOVA attack targeted the National Financial Center (NFC), an agency inside the U.S. Department of Agriculture that reportedly handles payroll for several government organizations, including the State Department, FBI, Treasury Department, and the DHS.…
On HAFNIUM/CHOPPERWAVE Exchange Server Attacks Detection Using Security Analytics
Securonix » Threat Research
by Kristen Jacobsen
3y ago
The Securonix Threat Research (STR) team is actively monitoring, investigating, and proactively hunting for the critical ongoing HAFNIUM (tracked by STR as CHOPPERWAVE) attacks and the related malicious activity. We are also tracking cryptomining implants…
Detecting SolarWinds/SUNBURST/ECLIPSER Supply Chain Attacks
Securonix » Threat Research
by Kristen Jacobsen
3y ago
The Securonix Threat Research (STR) team has been actively investigating the critical ongoing SolarWinds Orion/SUNBURST supply chain attacks (monitored by STR as ECLIPSER) with some of the recent victims being one of the leading security…
Detecting WastedLocker Ransomware Using Security Analytics
Securonix » Threat Research
by Kristen Jacobsen
4y ago
The Securonix Threat Research Team (STR) is actively investigating the details of the critical targeted WastedLocker ransomware attacks that reportedly already exploited more than 31 companies, with 8 of the victims being Fortune 500 companies,…
Securing Your Remote Workforce – Detecting Teleconferencing Tools Attacks in the Work-From-Home (WFH) World – Part 2
Securonix » Threat Research
by Kristen Jacobsen
4y ago
The Securonix Threat Research team has recently been observing a number of new attacks/security issues reported involving different remote workforce teleconferencing applications (TA), including Zoom, Cisco Webex, and Microsoft Teams. Some examples of the…
Securing Your Remote Workforce – Detecting the Latest Cyberattacks in the Work-From-Home (WFH) World: Part 1
Securonix » Threat Research
by Kristen Jacobsen
4y ago
In recent weeks, as many businesses have been rushing to institute a shift to remote work due to the COVID-19/coronavirus situation, we have been observing malicious threat actors attempting to exploit an increasing number of…
