9.23.21
Understand and Detect vCenter Vulnerability Exploitation
The vulnerability to vCenter Server presents serious risk to organizations. Learn how to detect malicious activity surrounding this vulnerability.
Jeff Costlow
8.25.21
How ExtraHop Shut Down a C&C Beaconing Attack
A compromised VPN client infects a print server and accesses a critical networking admin tool, ExtraHop Reveal(x) detectors fire.
Daniel Chu
8.19.21
Security Alert: New Vulnerability Grants IoT Camera Remote Access
A critical vulnerability affects an estimated 83 million recording devices, allowing attackers access to live feed and enabling remote code execution.
Jeff Costlow
8.11.21
PetitPotam: Expanding NTLM Relay Attacks
Learn how the PetitPotam exploit enables a new variant of NTLM relay attack targeting Active Directory—and how to detect and stop it.
Preston Crowe
7.15.21
New SonicWall Exploitation and Ransomware Warning for SRA and SMA Devices
ExtraHop overviews the the SonicWall ransomware warning for SRA & SMA devices and how to detect attacks. SonicWall warned of an "imminent ransomware campaign" July 2021.
Jeff Costlow
7.6.21
REvil Ransomware Attack and Supply Chain Risk
The latest REvil ransomware attack is a sophisticated supply chain-based attack on software provider Kaseya that has put up to 1,500 customers at risk.
Jeff Costlow
7.2.21
PrintNightmare Vulnerability: Detection, Explanation, and Mitigation
What you need to know about the latest PrintNightmare vulnerability (CVE-2021-34527), how it differs from other recent issues with the Print Spooler service, and what you can do to secure your organization.
Jeff Costlow
5.19.21
Ransomware Is Getting Worse, and a New Name to Prove It: Multifaceted Extortion
Security researcher FireEye Mandiant noted an alarming rise of encryption combined with exfiltration in ransomware attacks. Read more M-Trends Report findings.
Mike Campfield
5.11.21
Patch Tuesday, May 11: Detecting Critical Vulnerabilities
Today was Microsoft Patch Tuesday, and while there were a relatively small number of patches issued—55 as compared to the usual 100 plus—a few of those vulnerabilities require immediate attention.
Jeff Costlow
5.10.21
What the DarkSide Pipeline Attack Means For Securing Critical Infrastructure
The DarkSide cyber attack is the latest in an increasing number of ransomware attacks and raises questions about how to secure critical infrastructure.
Mark Bowling
4.26.21
New Report: How SUNBURST Used DNS to Avoid Detection
A new report details how hiding in DNS traffic was a critical tactic used by SUNBURST attackers to avoid detection—and why DNS is so challenging to secure.
Carol Caley
4.21.21
Find SonicWall Vulnerabilities With an Inventory of Devices and Software
The SonicWall vulnerabilities are the latest in a spat of serious CVEs. Learn how to inventory your devices and software to prevent exploits.
Jeff Costlow
3.23.21
Ransomware, Exfiltration, and the Recent REvil Attacks
The recent ransomware attack on Acer evidences an increasing trend of combining ransomware and exfiltration for a two-pronged attack. Learn more from ExtraHop.
Jeff Costlow
3.12.21
Exchange Server Security Challenges Explained
How to secure and monitor Microsoft Exchange Server and why decryption is a critical capability for security solutions. Learn more from ExtraHop.
Jeff Costlow
9.10.21
Are You Ready to Defend Against the Next Supply Chain Attack?
What can organizations do now to defend against the next supply chain attack? Find out more in our latest blog post.
Dan Frey
8.24.21
The Recent Exchange Server Vulnerability and SSRF Attacks
A new Exchange server vulnerability is being exploited to perpetrate active server side request forgery (SSRF) attacks.
Jeff Costlow
2.11.21
New Report on Lessons Learned Observing SUNBURST's Behavior
Get ExtraHop's latest report exploring how SUNBURST's behavior evaded defenses and what we can do going forward.
Carol Caley
1.20.21
Sunburst Origin Story Part 2: A Forensic Examination of SUNBURST After Detection
The SolarWinds Orion SUNBURST supply chain attack has rocked the confidence of many security teams across industries. This blog reconstructs the timeline of the attack and provides insights on how to improve threat detection in the future.
Todd Kemmerling
1.7.21
SUNBURST: Why Supply Chain Attacks Are So Destructive
Why was the SUNBURST supply chain attack so destructive? In this blog, ExtraHop identifies common elements of a supply chain attack and how to stop these attacks in the early stages.
Dan Frey
1.6.21
SUNBURST: An Origin Story
Get a forensic examination of the Sunburst attack from ExtraHop and learn how the attack went undetected for so long.
Todd Kemmerling
