The Infocyte Blog


Log4J/Log4Shells Exploit Analysis (CVE-2021-44228)

As a follow-up to our other blog post on CVE-2021-44228, the Remote Code Execution (RCE) vulnerability affecting Apache Log4j, we wanted to go into an analysis of a Log4Shell attack. Who is vulnerable? Basically, this vulnerability affects any Apache web server using vulnerable versions (2.11.0 – 2.14.1) of the log4j logger. The list of…


Log4J Exploit Detection (CVE-2021-44228)

This post was last updated on December 22nd, 2021 at 11:59 am. UPDATED: 12/22 – Added new detection logic to mitigate common obfuscation tactics. De-emphasized mitigation procedures which no longer help. If you are reading this, then I assume you have already heard about CVE-2021-44228, the Remote Code Execution (RCE) vulnerability affecting Apache Log4j, the Java…


How an MSSP successfully fought off a major cyber attack

This post was last updated on November 19th, 2021 at 03:27 pm. Here at Infocyte, we are helping our customers and partners respond to major attacks on almost a weekly basis. When I say attack, I don’t mean an antivirus notification about a bad file that a user inadvertently downloaded. The attacks I am talking about…


Dealing with DarkSide

This post was last updated on September 23rd, 2021 at 03:28 pm. Brian Krebs recently reviewed more details about ‘DarkSide’ and this ransomware group’s role in shutting down the Colonial Pipeline. DarkSide is a group that packages and provides ransomware capabilities as a service. Other ransomware gangs and organizations pay a fee for DarkSide tools and…


Practical MITRE ATT&CK Coverage Part II: Top 20 Focus

Follow-up blog on why you should monitor for the Top 20 attacker behaviors: not 10, not 30.


Top 20 Most Common Hacker Behaviors

This post was last updated on August 27th, 2021 at 03:59 pm. The top MITRE ATT&CK™ behaviors to monitor for on your endpoints and servers. When the OWASP Top 20 Vulnerabilities was first published, it revolutionized our industry’s approach to vulnerability management. Instead of playing whack-a-mole with thousands of individual vulnerabilities every time a new one…


Practical MITRE ATT&CK Coverage

Chasing the unnecessary and unachievable need for FULL MITRE COVERAGE? Here’s why that’s a bad idea.


Exchange Week 2 – Ransomware Joins The Fray

This post was last updated on August 24th, 2021 at 10:02 am. Following exposure and publication of a major remote execution vulnerability like Exchange’s ProxyLogon (CVE-2021-26855), we expect other threat actors to join the race against system administrators trying to patch their systems. Initial reporting showed the threat actor dubbed HAFNIUM was quietly exploiting these vulnerabilities since…


HAFNIUM Exchange Zero-Day Scanning

This post was last updated on August 10th, 2021 at 05:54 pm. The Microsoft Exchange Zero-day exploit drop this week is a big one with far-reaching implications for organizations in 2021. Infocyte recommends the following actions organizations need to take when these exploits are being used in the wild: 1. Take inventory: Do you host…


Responding to Microsoft 365 Attacks

This post was last updated on October 29th, 2021 at 07:55 pm. Responding to the December 2020 SolarWinds Supply Chain Attack (“Solarigate”) solidified one of the most pressing security gaps of this new decade: visibility into and defense against cloud application attacks. In Solarigate, attackers used the tainted SolarWinds software as an entry vector into servers…
