Security operations | 9 min read | Beware QR code phishing & other Grinchy scams this holiday season
As the holidays approach, cyber Grinches are targeting phishing campaigns to steal data, credentials and more. Look out for these email scams while online shopping and checking your inbox this season.
Security operations | 2 min read | Emerging Threats: Microsoft Exchange On-Prem Zero-Days
Until a patch is issued for the Microsoft Exchange Server zero-day vulnerabilities, there are a few things security teams can do to temporarily mitigate risk. Here’s what we recommend.
Threat intelligence | 3 min read | Expel Quarterly Threat Report: Cybersecurity data, trends, and recs from Q1 2022
Top takeaways from our first quarterly report, filled with patterns and trends we identified from Q1 2022. Our goal? Help translate the events we detect into a security strategy for your organization.
Security operations | 4 min read | Attack trend alert: AWS-themed credential phishing technique
They’re at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users. Find out how our crew identified and triaged a phishing email.
Expel insider | 2 min read | Great eXpeltations 2022: Cybersecurity trends and predictions
Introducing Great eXpeltations 2022: Cybersecurity trends and predictions — an annual report from our security operations center (SOC) on top threats, how to handle them, and what to expect this year.
Security operations | 5 min read | The top phishing keywords in the last 10k+ malicious emails we investigated
Curious how attackers are prompting victims to engage with phishing campaigns? Check out the top keywords from the malicious emails our SOC investigated and our top resilience recommendations.
Security operations | 9 min read | Well that escalated quickly: How a red team went from domain user to kernel memory
A red team recently swooped in and showed off some new tactics. What started as a PowerShell download cradle quickly turned into a custom rootkit download. Find out how we spotted the crafty red team.
Security operations | 5 min read | Incident report: Spotting SocGholish WordPress injection
Our SOC stopped a ransomware attack that compromised WordPress CMS to trigger a drive-by RAT download. Find out what happened, how we caught it, and our recommendations to secure your WordPress CMS.
Security operations | 4 min read | Swimming past 2FA, part 1: How to spot an Okta MITM phishing attack
Crafty attackers are finding new ways to bypass multi-factor authentication. Find out how our SOC detected an attack and get some tips on how your org can prevent credential phishing.
Security operations | 4 min read | Someone in your industry got hit with ransomware. What now?
We’re noticing a trend in ransomware attacks. But that doesn’t mean it’s time to go into panic mode. Find out what you need to know and get some tips on how you can keep your org safe.
Security operations | 7 min read | Cloud attack trends: What you need to know and how to stay resilient
We shared the top attack trend spotted during the pandemic and what to keep an eye out for looking ahead. But how do you remediate and stay resilient against these attacks? Our crew shares some tips.
Check out our newest infographic to learn about the top attack trend during the COVID-19 pandemic, how our SOC’s data reinforces these recent findings and how you should be looking ahead.
Threat intelligence | 6 min read | Supply chain attack prevention: 3 things to do now
What do you do when you can’t trust the internet? Supply chain attacks like the SolarWinds Orion breach are not new. Here are some things you can do to help prepare and guard against similar attacks.
Security operations | 3 min read | The SolarWinds Orion breach: 6 ideas on what to do next and why
Here are some of our early observations on the SolarWinds Orion breach, plus our ideas on what to do next to detect related activity and better protect your org.
Security operations | 6 min read | Evilginx-ing into the cloud: How we detected a red team attack in AWS
Red team sneak attack? Bring it on. Find out how we tackled a red team attack using open source offensive security tools in AWS and what you can do to protect your org from similar attacks.
Security operations | 9 min read | Obfuscation, reflective injection and domain fronting; oh my!
During a recent red team engagement, the CrowdStrike EDR Platform alerted our SOC team on the execution of a suspicious VBScript file. This is what they learned from untangling the malware code.
How often does a business email compromise actually happen? And what should you do about it? Our infographic answers those questions and more.