Search cyberveille.decio.ch

Managing Attack Surface | Huntress Blog

Huntress recently detected interesting activity on an endpoint; a threat actor was attempting to establish a foothold on an endpoint by using commands issued via MSSQL to upload a reverse shell accessible from the web server. All attempts were obviated by MAV and process detections, but boy-howdy, did they try!

#huntress #EN #2024 #attack #IoCs #MSSQL #reverse-shell

·huntress.com·Mar 21, 2024

Managing Attack Surface | Huntress Blog

BlackCat Ransomware Affiliate TTPs

This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment.

#huntress #EN #2024 #BlackCat #Ransomware #TTPs #ScreenConnect

·huntress.com·Feb 29, 2024

BlackCat Ransomware Affiliate TTPs

Threat Intel Accelerates Detection & Response

Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause.

#huntress #EN #2024 #analysis #endpoint #finger.exe #IoC

·huntress.com·Feb 15, 2024

Threat Intel Accelerates Detection & Response

Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack

Huntress has uncovered a series of unauthorized access, revealing a threat actor using ScreenConnect to infiltrate multiple healthcare organizations.

#huntress #EN #2023 #Pharmaceutical #Vendor #Health #Clinic #Cyberattack #IoCs

·huntress.com·Nov 13, 2023

Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack

Qakbot Malware Takedown and Defending Forward

On Tuesday, August 29, 2023, the Federal Bureau of Investigations Los Angeles announced that they and other international partners disrupted the Qakbot malware infrastructure in a successful takedown. First things first, this is awesome!!!

#huntress #23 #EN #FBI #QakBot #Takedown #Defending #vaccine

·huntress.com·Aug 31, 2023

Qakbot Malware Takedown and Defending Forward

Critical Vulnerabilities in PaperCut Print Management Software

Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.

#huntress #EN #2023 #PaperCut #zero-day #RCE #Print #Management #Software

·huntress.com·Apr 21, 2023

Critical Vulnerabilities in PaperCut Print Management Software

3CX VoIP Software Compromise & Supply Chain Threats

The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.

#huntress #EN #2023 #3CX #VoIP #Software #Compromise #supplychain #analysis

·huntress.com·Mar 30, 2023

3CX VoIP Software Compromise & Supply Chain Threats

Everything We Know About CVE-2023-23397

Huntress is tracking CVE-2023-23397, a 0-day that impacts Microsoft Outlook and requires no user interaction to expose user credential hashes.

#huntress #EN #2023 #CVE-2023-23397 #0-day #Microsoft #Outlook

·huntress.com·Mar 17, 2023

Everything We Know About CVE-2023-23397

Investigating Intrusions From Intriguing Exploits

On 02 February 2023, an alert triggered in a Huntress-protected environment. At first glance, the alert itself was fairly generic - a combination of certutil using the urlcache flag to retrieve a remote resource and follow-on scheduled task creation - but further analysis revealed a more interesting set of circumstances. By investigating the event in question and pursuing root cause analysis (RCA), Huntress was able to link this intrusion to a recently-announced vulnerability as well as to a long-running post-exploitation framework linked to prominent ransomware groups.

#huntress #EN #2023 #investigation #triage #SOC #certutil #urlcache #GoAnywhere #analysis

·huntress.com·Feb 11, 2023

Investigating Intrusions From Intriguing Exploits

3CX VoIP Software Compromise & Supply Chain Threats

The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community.

#huntress #EN #2023 #3CX #VoIP #Software #Compromise #supplychain #analysis

·huntress.com·Mar 30, 2023

3CX VoIP Software Compromise & Supply Chain Threats

Everything We Know About CVE-2023-23397

Huntress is tracking CVE-2023-23397, a 0-day that impacts Microsoft Outlook and requires no user interaction to expose user credential hashes.

#huntress #EN #2023 #CVE-2023-23397 #0-day #Microsoft #Outlook

·huntress.com·Mar 17, 2023

Everything We Know About CVE-2023-23397

Investigating Intrusions From Intriguing Exploits

On 02 February 2023, an alert triggered in a Huntress-protected environment. At first glance, the alert itself was fairly generic - a combination of certutil using the urlcache flag to retrieve a remote resource and follow-on scheduled task creation - but further analysis revealed a more interesting set of circumstances. By investigating the event in question and pursuing root cause analysis (RCA), Huntress was able to link this intrusion to a recently-announced vulnerability as well as to a long-running post-exploitation framework linked to prominent ransomware groups.

#huntress #EN #2023 #investigation #triage #SOC #certutil #urlcache #GoAnywhere #analysis

·huntress.com·Feb 11, 2023

Investigating Intrusions From Intriguing Exploits