PrintNightmare (CVE-2021-1675 and CVE 2021-34527) Explained
What Happened? Proof-of-concept exploit code was published on Github on June 29, 2021 for a vulnerability (CVE-2021-1675) in Print Spooler (spoolsv.exe), a Windows program that ma...
Read MoreHow To Test Antivirus and EDR Software: A Complete Guide
At Blumira, we regularly onboard new technologies to help our customers integrate their existing security solutions with our cloud SIEM. This means we often need to test new endpoi...
Read MoreHow To Detect Password Lists With Blumira
With an increase in fileless malware’s usage in recent years, there's a growing need to practice security hygiene with secure storage of business credentials as a key component.Â...
Read MoreHow to Detect Web Shells With a SIEM
During the recent campaign targeting Microsoft Exchange OWA vulnerabilities, one piece of tradecraft came up again and again. Threat actors deployed web shells that were potentiall...
Read MoreCritical VMware vCenter RCE (CVE-2021-21972) Exploits Released
What Happened Positive Technologies discovered a vulnerability in VMware vCenter/vSphere that allows an unauthenticated attacker to remotely execute code on the VMware hypervisor ...
Read MoreDetecting SolarWinds & Ransomware Attacks With Process Monitoring
While most organizations have antivirus and firewall solutions, modern attacks such as those seen in the SolarWinds campaign and large-scale ransomware attacks delivered by commodi...
Read More