Alert
Security operations | 8 min read
MDR insights: defense against persistent threats and Oracle WebLogic CVE-2020-14882
Initial access broker (IAB) Magnet Goblin is currently targeting CVE-2020-14882 in Oracle WebLogic. Here's how to identify and stop them.
Security operations | 7 min read
MDR insights: how our SOC identified & responded to CVE-2024-3400
Learn how Expel's security operations center (SOC) identified and resolved CVE-2024-3400 for one of our customers.
Security operations | 5 min read
MDR insights: using vulnerability data to inform remediation strategies
MDR vulnerability data can be combined with EPSS scoring and the CISA catalog to glean insights, reduce alert noise, and guide remediation.
Security operations | 1 min read
Security alert: Palo Alto Networks PAN-OS GlobalProtect Command Injection Vulnerability
Palo Alto Networks disclosed that attackers are exploiting a vulnerability in PAN-OS for GlobalProtect. Here's what you need to know.
Security operations | 1 min read
Security alert: XZ Linux utility backdoor
Researchers identified a backdoor in the XZ Linux utility, introduced via a supply chain compromise. Here’s what you need to know.
Security operations | 2 min read
Security alert: Ivanti Connect Secure and Policy Secure zero-day vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) believes threat actors are exploiting Ivanti Connect Secure and Policy Secure zero-day vulnerabilities. Here's what to know.
Security operations | 2 min read
Security alert: ConnectWise ScreenConnect 23.9.8 security fix
Vulnerabilities affecting ConnectWise versions 23.9.7 and prior leave self-hosted and on-premise ScreenConnect instances exposed to attackers. Here’s what happened and what you can do about it now.
Security operations | 1 min read
GKE/Gmail vulnerability: notes and tips
Security researchers have discovered a new Google Kubernetes Engine misconfiguration. Here’s what you need to know.
Security operations | 2 min read
Security alert: Okta “support user” data theft
Okta recently determined that an attacker stole support system user data in an incident identified in October. Here’s what Okta customers need to know and do right now.
Security operations | 1 min read
Security alert: privilege escalation vulnerability in Confluence Data Center and Server, CVE-2023-22515
A vulnerability in Confluence Data Center and Server allows attackers to create administrative accounts on external-facing Confluence servers. Here’s why it matters and what to do about it.
Security operations | 1 min read
Security alert: zero-day vulnerability CVE-2023-4863 in libwebp (WebP) library
CVE-2023-4863 is a zero-day vulnerability in libwebp, which can result in arbitrary command execution when exploited. Here’s why it matters and what to do.
Security operations | 3 min read
Kaseya supply chain attack: What you need to know
A new ransomware attack disrupted the start of the Fourth of July weekend. Fortunately, there are steps you can take right now to stay safe. Find out what’s happening and how Expel is looking ahead.
Security operations | 8 min read
Is Microsoft Defender for Endpoint good?
Expel has integrated Microsoft Defender for Endpoint into our platform and we’re impressed! Our SOC analysts share why they love it and how they use it to triage alerts.
Engineering | 8 min read
The power of orchestration: how we automated enrichments for AWS alerts
Automation is key when it comes to helping analysts focus on doing what they do best: investigating legitimate threats. Find out how we use orchestration to automate enrichments for AWS alerts.
Tips | 1 min read
Heads up: WPA2 vulnerability
A (very) quick overview of the reported WPA2 weakness. The TL;DR is “don’t flip out.”