Introduction and Overview

This week was split up into research, bug fixes and the detection and report listed below!

Your Mira provided cybersecurity horoscope for today:

By utilizing Blumira to safeguard your environment, the stars align favorably for your venture. Your foresight in choosing advanced cybersecurity solutions heralds a period of robust protection and trust, strengthening your relationships and business ventures. Innovations and strategic decisions will lead to growth, setting you apart as a leader in your industry. The commitment to excellence and security you’ve shown will attract prosperous opportunities and lasting success.

New Detections

This update introduces several new detections, including:

JavaScript Executed From Unusual Directory

This TTP has been associated with SocGholish incidents and is a valid indicator of suspicious behavior that should be investigated. This detection identifies when JavaScript files are run from User or Public user directories (downloads, desktop, etc). For more information, click here.

• Status: Enabled
• Log type requirement: Windows process creation or Blumira Agent for Windows

New Reports

This update introduces new global reports, including:

Google Workspace: File ACL Changes (ALL)

This global report has been created to find Google Workspace docs or drive items that have had their ACL (Access Control List) modified. For best results you can customize the report with the target and actor not containing your domain(s) to remove internal changes.