1.20.21
Sunburst Origin Story Part 2: A Forensic Examination of SUNBURST After Detection
The SolarWinds Orion SUNBURST supply chain attack has rocked the confidence of many security teams across industries. This blog reconstructs the timeline of the attack and provides insights on how to improve threat detection in the future.
Todd Kemmerling
1.7.21
Why Supply Chain Attacks Are So Destructive
What are supply chain attacks and why can they be so damaging? In this first installment of our blog series, we'll identify some common elements of a supply chain attack and how you can discover these attacks in the early stages.
Dan Frey
1.6.21
SUNBURST: An Origin Story
The SolarWinds Orion SUNBURST supply chain attack has rocked the confidence of many security teams across industries. This blog examines the domains used in order to better understand how the attack went undetected for so long.
Todd Kemmerling
12.21.20
Video: SUNBURST Attack Series
SUNBURST is an advanced persistent threat. Detecting and responding to it requires network truth. Learn what steps ExtraHop and Reveal(x) recommend to ensure your network is not compromised.
ExtraHop
12.21.20
Video: What You Need to Know After SUNBURST
ExtraHop is closely following the SolarWinds Orion SUNBURST exploit. Our videos detail what we have learned about how the attack works, and how network detection and response is essential to detecting any malicious activity in your environment.
ExtraHop
12.18.20
Analyzing the SUNBURST SolarWinds Attack Campaign For Threat Intelligence
SolarWinds attack: ExtraHop is sharing 1700+ suspicious IP addresses (for threat hunters and data scientists) that were associated with the Sunburst backdoor attack.
Todd Kemmerling
12.14.20
How to Detect and Respond to the SUNBURST Attack
Sunburst attack 2020: Learn how to detect and respond to the Sunburst backdoor supply chain attack with ExtraHop's spectrum of detection approaches.
ExtraHop
11.2.20
Security Alert: Ransomware Warning for Healthcare
A recent cybersecurity advisory issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) warns of an imminent cybercrime threat to hospitals.
Jeff Costlow
10.14.20
Security Alert: 'Bad Neighbor' Vulnerability Affects Windows 10 Systems
The Windows 10 vulnerabilities unveiled by Microsoft on October 13 include a remote DoS (CVE-2020-16899) and a remote code execution flaw (CVE-2020-16898) dubbed 'Bad Neighbor'. Get the rundown on potential exploits and what you should do.
Jeff Costlow
9.16.20
Security Alert: Detecting CVE-2020-1472 Zerologon Exploitation with NDR
The recent Zerologon vulnerability (CVE-2020-1472) could allow attackers to get control of a Windows domain without any user credentials. Learn how it works and how to protect against exploits.
Jeff Costlow
7.24.20
Ripple20: Finding Vulnerable Devices and Detecting Attacks
The Ripple20 group of vulnerabilities affects hundreds of millions of devices across many industries. Learn how to identify devices using the vulnerable Treck software and detect Ripple20 exploits.
Jeff Costlow
5.29.20
What's Worse? RDP Open to the Internet or Closing Up Shop? RDP Best Practices to Follow in 2020
Enabling remote desktop protocol has been a popular choice for IT teams in the mad dash of WFH access in 2020. Read five best practices to follow.
Chase Snyder