Log4J/Log4Shells Exploit Analysis (CVE-2021-44228)

As a follow-up to our other blog post on CVE-2021-44228, the Remote Code Execution (RCE) vulnerability affecting Apache Log4j, we wanted to walk through the analysis of a Log4Shell attack. Who is vulnerable? Any Java application that logs attacker-controlled input through a vulnerable version (2.0-beta9 through 2.14.1) of the ...

Log4j Exploit Detection (CVE-2021-44228)

If you are reading this, then I assume you have already heard about CVE-2021-44228, the Remote Code Execution (RCE) vulnerability affecting Apache Log4j, the Java logging library that a large share of the internet's Java services depend on. While many blogs and comments have posted methods to determine if your web servers ...
How an MSSP successfully fought off a major cyber attack

Here at Infocyte, we are helping our customers and partners respond to major attacks on almost a weekly basis. When I say attack, I don't mean an antivirus notification about a bad file that a user inadvertently downloaded. The attacks I am talking about are full-on hands-on-keyboard (what red ...

Dealing with DarkSide

Brian Krebs recently reviewed more details about 'DarkSide' and this ransomware group's role in shutting down the Colonial Pipeline. DarkSide is a group that packages and provides ransomware capabilities as a service. Other ransomware gangs and organizations pay a fee for DarkSide tools and services, making it difficult to provide ...
Top 20 Adversary Techniques: Why 20?

Follow-up blog on why you should monitor for the Top 20 attacker behaviors: not 10, not 30. ...

Top 20 Most Common Hacker Behaviors

The top MITRE ATT&CK™ behaviors to monitor for on your endpoints and servers. When the OWASP Top 10 was first published, it revolutionized our industry's approach to vulnerability management. Instead of playing whack-a-mole with thousands of individual vulnerabilities every time a new one was discovered, we approached vulnerability management ...

Why you’re going about MITRE ATT&CK coverage all wrong

MITRE ATT&CK is the de facto standard for assessing modern behavioral detection against adversary tactics and techniques. Its power resides not just in providing a common language for attacker behaviors, but also in serving as a historical anthology of what the security community has observed during attacks. As with any framework, from Lockheed's ...
Exchange Week 2 – Ransomware Joins The Fray

Following exposure and publication of a major remote code execution vulnerability like Exchange's ProxyLogon (CVE-2021-26855), we expect other threat actors to join the race against system administrators trying to patch their systems. Initial reporting showed that the threat actor dubbed HAFNIUM had been quietly exploiting these vulnerabilities since at least January 2021. Following the ...

HAFNIUM Exchange Zero-Day Scanning

The Microsoft Exchange zero-day exploit drop this week is a big one for 2021. The actions everyone needs to take while these exploits are being used in the wild are: 1. Take inventory. Do you host an on-prem Exchange server? Is that Exchange server vulnerable? Most likely, unless you applied ...
Responding to Microsoft 365 Attacks

Responding to the December 2020 SolarWinds supply chain attack ("Solarigate") solidified one of the most pressing security gaps of this new decade: visibility and defense against cloud application attacks. In Solarigate, attackers used the tainted SolarWinds software as an entry vector into servers and pivoted into wider network takeover, but ...