Skip to content
Get A Demo
Sign Up Free
    March 12, 2024

    Security Detection Update - 2024-3-12

    Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

    Introduction and Overview

    This week was split up into research, bug fixes and the detection and report listed below!

    Your Mira provided cybersecurity horoscope for today:

    By utilizing Blumira to safeguard your environment, the stars align favorably for your venture. Your foresight in choosing advanced cybersecurity solutions heralds a period of robust protection and trust, strengthening your relationships and business ventures. Innovations and strategic decisions will lead to growth, setting you apart as a leader in your industry. The commitment to excellence and security you've shown will attract prosperous opportunities and lasting success.

    New Detections

    This update introduces several new detections, including:

    JavaScript Executed From Unusual Directory

    This TTP has been associated with SocGholish incidents and is a valid indicator of suspicious behavior that should be investigated. This detection identifies when JavaScript files are run from User or Public user directories (downloads, desktop, etc). For more information, click here.

    • Status: Enabled
    • Log type requirement: Windows process creation or Blumira Agent for Windows

    New Reports

    This update introduces new global reports, including:

    Google Workspace: File ACL Changes (ALL)

    This global report has been created to find Google Workspace docs or drive items that have had their ACL (Access Control List) modified. For best results you can customize the report with the target and actor not containing your domain(s) to remove internal changes.

    Amanda Berlin

    Amanda Berlin is Lead Incident Detection Engineer at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An accomplished...

    More from the blog

    View All Posts