Why IP Blacklists are Inherently Unreliable


Alerting based on IP reputation blacklists can have some value, but IP blacklists are not a strong indicator of threats, despite what many claim. IP reputation blacklists are notorious for their low quality, which makes alerts based on them less reliable and requires more analysis to verify that something […]

Threat Flash Alert: Four Microsoft Zero-Day Vulnerabilities Disclosed

Executive Summary: Microsoft recently discovered evidence of an attack campaign currently in action which leverages several previously unknown vulnerabilities in on-premises Microsoft Exchange Servers. The vulnerabilities enable access to email accounts and allow the installation of additional malicious components to maintain persistence within a target's environment in […]

Zero Access Trust – The Vulnerability of Trust

The year 2020 came to a close with the devastating SolarWinds supply chain breach, affecting 18,000 of SolarWinds' customers. These attacks affected critical infrastructure, government entities and a wide range of private industry organizations. With the size and scale of this compromise the IT industry is seeing […]

Zero Day Exploits of SonicWall Firewalls


SonicWall Firewall Event Summary: This weekend SonicWall disclosed a zero-day attack that exploited a flaw in the company's remote access products. The attack compromised SonicWall's NetExtender VPN client and its SMB-oriented Secure Mobile Access 100 Series product, which are used to provide employees and users with remote access to […]

Threat Flash Alert: Widespread Network Probing from Malicious Russian Infrastructure


17 November 2020. Malicious Probing Event Summary: The Security On-Demand Security Operations Center (SOC) has observed widespread network probing from the Russian IP range 193.27.228.0/23. In some cases we have observed millions of events in a 24-hour period, possibly resulting in a denial-of-service (DoS) condition. In the last […]
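The detection logic a SOC would run over its own firewall logs for an alert like this, as an added example that is not code from the original post or from Security On-Demand: it matches source addresses against the 193.27.228.0/23 range named above (the only value taken from the alert), counts hits per source, records the targeted ports and hosts, and measures the peak per-second event rate as a proxy for the log-volume DoS concern. The log format, the sample lines and the alert thresholds are constructed for illustration and are not the SOC's.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# The /23 named in the alert above. Everything else in this block is constructed.
PROBING_RANGE = ipaddress.ip_network("193.27.228.0/23")

# Constructed sample firewall log lines (not real SOC data), one event per line:
# "<ISO-8601 timestamp> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2020-11-17T10:00:01Z 193.27.228.45 10.0.0.5 22 DENY
2020-11-17T10:00:01Z 193.27.229.200 10.0.0.5 3389 DENY
2020-11-17T10:00:02Z 193.27.228.45 10.0.0.6 445 DENY
2020-11-17T10:00:02Z 8.8.8.8 10.0.0.5 53 ALLOW
2020-11-17T10:00:03Z 193.27.230.1 10.0.0.5 22 DENY
2020-11-17T10:00:03Z 193.27.229.200 10.0.0.7 22 DENY
2020-11-17T10:00:04Z 193.27.228.45 10.0.0.8 8080 DENY
"""


def in_probing_range(ip_str, network=PROBING_RANGE):
    """True if the address falls inside the monitored CIDR (193.27.230.1 does not: the /23 ends at .229.255)."""
    return ipaddress.ip_address(ip_str) in network


def parse_line(line):
    """Parse one constructed log line into a dict; raises ValueError on malformed input."""
    ts, src, dst, port, action = line.split()
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "src": ipaddress.ip_address(src),
        "dst": dst,
        "port": int(port),
        "action": action,
    }


def events_from_range(log_text, network=PROBING_RANGE):
    """Return only the events whose source lies inside the monitored range."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["src"] in network:
            hits.append(ev)
    return hits


def summarize(hits):
    """Per-source counts plus the spread of targeted ports and hosts (wide spread = scanning, not a single misconfigured peer)."""
    return {
        "total": len(hits),
        "by_src": Counter(str(h["src"]) for h in hits),
        "distinct_ports": sorted({h["port"] for h in hits}),
        "distinct_dst": sorted({h["dst"] for h in hits}),
    }


def peak_events_per_second(hits):
    """Largest number of matching events that share one wall-clock second.
    Sustained high values are the signal that log ingestion itself is at risk."""
    per_second = Counter(h["ts"].replace(microsecond=0) for h in hits)
    return max(per_second.values(), default=0)


def should_alert(hits, min_events=5, min_distinct_dst=3, min_peak_per_second=2):
    """Constructed thresholds: enough volume, spread across several targets, with a burst."""
    s = summarize(hits)
    return (
        s["total"] >= min_events
        and len(s["distinct_dst"]) >= min_distinct_dst
        and peak_events_per_second(hits) >= min_peak_per_second
    )


if __name__ == "__main__":
    matched = events_from_range(SAMPLE_LOG)
    print(summarize(matched))
    print("peak/sec:", peak_events_per_second(matched), "alert:", should_alert(matched))
```

On the constructed sample, five of the seven lines match the range; the 193.27.230.1 line is deliberately just outside the /23 to show that the CIDR boundary, not a string prefix, decides membership. The thresholds in `should_alert` are placeholders: a real deployment would derive them from baseline event rates for the monitored range rather than from a seven-line sample.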

Wasted Locker


Wasted Locker: The Most Advanced Ransomware Yet. Written by Jordan Kalm, TRU Cyber Threat Intelligence Analyst. Overview: Wasted Locker is a newer, more advanced strain of ransomware that has been wreaking havoc since roughly May 2020. It is believed to have been developed by the same threat group that created both the Dridex banking Trojan and BitPaymer […]