Why are Threat Actors enabling Windows Restricted Admin mode?
RestrictedAdmin mode for RDP was first introduced in Windows 8.1 and Windows Server 2012 R2. Restricted Admin mode has been backported to Windows 7 and Windows Server 2008, howeve...
CVE-2024-3094: xz-utils (liblzma) Backdoor
We will continue to provide updates as more information becomes available. Update - 2024-04-03 12:15 ET: Added information around Jia Tan persona theories. Up...
CVE-2023-22515: Zero-Day Privilege Escalation in Confluence
What Happened? On October 4th, 2023, Atlassian disclosed a critical severity vulnerability in Confluence Data Center and Server instances, tracked as CVE-2023-22515. The vulne...
Incident Response Strategies for Ransomware
Ransomware incidents require customized response strategies that prioritize swift containment and data availability. Ransomware actors aim to encrypt as many critical systems as po...
Building Effective Incident Response Procedures
Why You Need An Incident Response Plan An effective Incident Response Program includes written procedures that clearly define responsibilities and tasks for each role. Responding ...