The Hedgehog Defense #2: Defend Against Automatically Mounted Disk Images
Welcome back to the Hedgehog Defense! In this post, we’re going to take a look at a common technique abused by threat actors to sneak past your typical mail filter and Windows de...
Read More

Critical ScreenConnect Vulnerabilities Allow Remote Code Execution
Update - 5:45pm 2.21.24 - Detections have been built and tested and are in the process of being deployed to all of our customers. There are three new detections overall and all thr...
Read More

The Hedgehog Defense – Default Apps
The Hedgehog Defense - Prevent Malware Execution with Default App Modifications While I was trying to think up creative names for the theme of this article, I Google’d the very ...
Read More

Fortinet Vulnerabilities in FortiOS sslvpnd and fgfmd Lead to RCE
What Happened On Thursday, Fortinet announced two new, critical vulnerabilities in devices running FortiOS. Successful exploitation of either of these announced vulnerabilities le...
Read More

AnyDesk Suffers Cyberattack
AnyDesk Production Systems Compromised Running AnyDesk? Time to start patching. As if the minefield that system administrators have to walk on a daily basis isn’t bad enough, ...
Read More

Correlating GeoIP Lookups
Knowing when and where a user login was performed is often a good first step to identifying and confirming anomalous behavior in your environment. For example, if all of your users...
Read More

Citrix NetScaler Auth Bypass Vulnerability (CVE-2023-4966)
What Happened? Security researchers at AssetNote uncovered an easily exploitable authentication bypass vulnerability when investigating Citrix patch updates related to ...
Read More

CVE-2023-20198 – Cisco IOS Web UI Vulnerability
What Happened? Cisco has published a security advisory tracking the active exploitation of a new zero-day vulnerability in the Cisco IOS Web UI. This flaw affects all ve...
Read More

Increase in Password Spraying vs Cisco ASA SSL VPNs
What Happened? Rapid7 has reported active exploitation of Cisco ASA SSL VPNs. This is not the result of a new CVE or vulnerability, but rather an observable increase in successful...
Read More

QueueJumper: (CVE-2023-21554) Enables Remote MSMQ Exec
What Happened? Wayne Low of Fortinet's FortiGuard Lab and Haifei Li of Check Point Research discovered a series of vulnerabilities in Windows Message Queuing (MSMQ), the most seri...
Read More