Posts
4.15.22
April Patch Tuesday Vulnerabilities: What You Need to Know
Learn about the risks and remediations for the latest Microsoft Patch Tuesday vulnerabilities.
Jeff Costlow
3.31.22
Detect and Stop Spring4Shell Exploitation
Get recommendations for how to detect Spring4Shell exploitation and learn how you can use ExtraHop to stop attacks that leverage this vulnerability.
Jeff Costlow
12.17.21
Detect Log4j Attacks Hiding in Encrypted Traffic
Learn how attackers are using encrypted protocols to hide Log4j attacks and why decryption has become a necessary capability for detection.
Jeff Costlow
12.10.21
Log4j Exploits Explained
Understand Log4j exploitation and how to remediate this zero-day vulnerability with ExtraHop Reveal(x).
Jeff Costlow
11.18.21
Exchange Server Security Challenges Explained
How to secure and monitor Microsoft Exchange Server and why decryption is a critical capability for security solutions. Learn more from ExtraHop.
Jeff Costlow
11.4.21
Find Exploit Attempts Against the CISA Known Exploited Vulnerabilities
CISA sets tight deadlines to patch exploited CVEs. Learn how you can detect network-based vulnerabilities faster.
Jeff Costlow
10.25.21
Wildcard Certificate Risks and the ALPACA TLS Attack
Understand wildcard certificate risks, the ALPACA attack, and how to check whether wildcard certificates are putting your organization at risk.
Jeff Costlow
9.23.21
Understand and Detect vCenter Vulnerability Exploitation
The vulnerability to vCenter Server presents serious risk to organizations. Learn how to detect malicious activity surrounding this vulnerability.
Jeff Costlow
8.19.21
Security Alert: New Vulnerability Grants IoT Camera Remote Access
A critical vulnerability affects an estimated 83 million recording devices, allowing attackers access to live feed and enabling remote code execution.
Jeff Costlow
7.15.21
SonicWall Ransomware Warning: Attacks via SRA & SMA Devices
ExtraHop overviews the the SonicWall ransomware warning for SRA & SMA devices and how to detect attacks.
Jeff Costlow
7.6.21
REvil Ransomware Attack and Supply Chain Risk
The latest REvil ransomware attack is a sophisticated supply chain-based attack on software provider Kaseya that has put up to 1,500 customers at risk.
Jeff Costlow
7.2.21
PrintNightmare Vulnerability: Detection, Explanation, and Mitigation
What you need to know about the latest PrintNightmare vulnerability (CVE-2021-34527), how it differs from other recent issues with the Print Spooler service, and what you can do to secure your organization.
Jeff Costlow
5.11.21
Patch Tuesday, May 11: Detecting Critical Vulnerabilities
Today was Microsoft Patch Tuesday, and while there were a relatively small number of patches issued—55 as compared to the usual 100 plus—a few of those vulnerabilities require immediate attention.
Jeff Costlow
4.21.21
Find SonicWall Vulnerabilities With an Inventory of Devices and Software
The SonicWall vulnerabilities are the latest in a spat of serious CVEs. ExtraHop explains how to inventory your devices and software to prevent exploits.
Jeff Costlow
3.23.21
Prevent REvil Ransomware Encryption & Exfiltration Attacks
The REvil attack's encryption and exfiltration of Acer files is a ransomware trend that can be prevented with ExtraHop. Learn more.
Jeff Costlow
3.3.21
The Recent Exchange Server Vulnerability and SSRF Attacks
A new Exchange server vulnerability is being exploited to perpetrate active server side request forgery (SSRF) attacks.
Jeff Costlow
11.2.20
Security Alert: Ransomware Warning for Healthcare
A recent cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warns of an imminent cybercrime threat to hospitals.
Jeff Costlow
10.14.20
Detect Bad Neighbor Vulnerability on Windows 10 Systems
The Windows 10 vulnerabilities unveiled by Microsoft on October 13 include a remote DoS (CVE-2020-16899) and a remote code execution flaw (CVE-2020-16898) dubbed 'Bad Neighbor'. Get the rundown on potential exploits and what you should do.
Jeff Costlow
9.16.20
Security Alert: Detecting CVE-2020-1472 Zerologon Exploitation with NDR
The recent Zerologon vulnerability (CVE-2020-1472) could allow attackers to get control of a Windows domain without any user credentials. Learn how it works and how to protect against exploits.
Jeff Costlow
7.24.20
Ripple20: How to Identify Vulnerable Devices
The Ripple20 group of vulnerabilities affects hundreds of millions of devices across many industries. Learn how to identify devices using the vulnerable Treck software and detect Ripple20 exploits.
Jeff Costlow
6.11.19
NSA's Advice on BlueKeep: Know Your Network
Reveal(x) Now Detects Evidence of BlueKeep (CVE-2019-0708)
Jeff Costlow
12.6.18
We Busted A Fake Chrome Extension That Was Trying to Steal Data
A mysterious (and fake) Chrome extension. A clever data exfiltration scheme. They would have gotten away with it, too, if it weren't for those meddling security analysts using ExtraHop Reveal(x)! Follow along as we go from threat detection to response in this real-life threat hunt with network traffic analysis.
Jeff Costlow
8.29.18
Detect Apache Struts 2 Exploit CVE-2018-11776 with ExtraHop
There is a new Apache Struts vulnerability. ExtraHop customers can use this technique to monitor for IOCs while they work to update their software.
Jeff Costlow
6.8.18
Detect & Stop This New Android Worm with ExtraHop
ExtraHop users, there's a nasty new Android worm that spreads via remote debugging services, but don't worry—install this remote ADP connections dashboard to quickly find and shut down at-risk devices.
Jeff Costlow
12.21.17
Your Windows Proxy Autodiscovery Could Be Compromised
Your Windows proxy autodiscovery could be compromised. Learn about the WPAD exploit and how to detect it with ExtraHop.
Jeff Costlow
9.19.17
Visibility into TLS: Perfect Forward Secrecy
What is Perfect Forward Secrecy encryption and how ExtraHop allows you to decrypt Perfect Forward Secrecy in real time.
Jeff Costlow
8.28.17
BlackHat and Defcon: Highlights from a Week of Computer Security
For those of us in the computer security industry, the end of July in Las Vegas means the annual week of conferences; BlackHat and DefCon. It's always a great—albeit exhausting—week.
Jeff Costlow
6.27.17
Protect Your Organization from Petya Ransomware
The Petya ransomware campaign uses the EternalBlue exploit to infect systems across the globe. Learn more.
Jeff Costlow
6.19.17
Takeaways from Securing a Cloud-Powered, SOC2-Certified Analytics Service
The public cloud is a natural place to perform machine learning and deep analytics, but your IT data is on-premises. What's needed to bridge the gap securely?
Jeff Costlow
5.17.17
WannaCry Ransomware Update
ExtraHop Bundle Now Directly Detects EternalBlue Portion of WannaCry.
Jeff Costlow
3.3.17
Gathering Steam: 2017 FIRST Robotics Challenge
If you have younger kids - especially if they are interested in STEM - take them to your local FIRST Robotics competition and encourage them to participate.
Jeff Costlow
3.1.17
RSA 2017 Recap: Always a Learning Experience
The RSA Conference is the largest security industry convention in the world. This year, ExtraHop had a booth there for the first time...and it was busy!
Jeff Costlow