Detecting Microsoft Exchange Zero-Day Exploits
What is a Zero-Day Exploit? What Can be Done About Them? In cybersecurity, a zero-day exploit refers to the method a hacker uses to take advantage of a security vulnerability in a computer system, software, or network. When a zero-day…
Network Threat Hunting Made Easy With the MistNet NDR MITRE ATT&CK™ Engine
Security professionals are widely adopting MITRE ATT&CK™ for network threat hunting. ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge, and it represents a globally accessible information base of adversary tactics and techniques based on real-world observations. MITRE ATT&CK provides…
How to Audit and Test for Sudo’s CVE-2021-3156 with LogRhythm
TL/DR Qualys has reported that Sudo, before 1.9.4p2, has a heap-based buffer overflow vulnerability that allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. Detecting a successful exploit of the…
Windows Certificate Export: Detections Inspired by the SolarWinds Compromise
TL/DR Methods to detect when a certificate is exported from a Windows system are discussed in detail below using the audit log “Certificate Services Lifecycle Notifications” and collecting the log messages with “MS Windows Event Logging XML – Generic” log…
Code42 and LogRhythm Partner to Protect Against Insider Threats
As remote work has become the norm for many enterprises, organizations are struggling with the troubling reality of rising insider threats. Whether the results are from careless or negligent employees or malicious insiders, it’s crucial to arm your organization with…
LogRhythm is Named a Leader in G2’s Winter Grid® Report for Security Information and Event Management (SIEM)
LogRhythm users have rated the LogRhythm NextGen SIEM Platform a Leader in the G2 Grid® Report for Security Information and Event Management (SIEM) Software. G2 is a go-to for buyers looking for user reviews to help them evaluate software and…
How to Detect and Search for SolarWinds IOCs in LogRhythm
LogRhythm Labs has gathered up the indicators of compromise (IOCs) from CISA, Volexity, and FireEye associated with the recent SolarWinds supply chain attack and made them available in a GitHub repository for your convenience. Feel free to download and import…