Security operations | 7 min read
MDR insights: how our SOC identified & responded to CVE-2024-3400

Learn how Expel's security operations center (SOC) identified and resolved CVE-2024-3400 for one of our customers.

Security operations | 5 min read
MDR insights: using vulnerability data to inform remediation strategies

MDR vulnerabilities data can be used with EPSS scoring and the CISA catalog to glean insights, reduce alert noise, and guide remediation.

Security operations | 1 min read
Security alert: Palo Alto Networks PAN-OS GlobalProtect Command Injection Vulnerability

Palo Alto Networks disclosed that attackers are exploiting a vulnerability in PAN-OS for GlobalProtect. Here's what you need to know. 

Security operations | 1 min read
Security alert: XZ Linux utility backdoor

Researchers identified a backdoor into the XZ Linux utility, via supply chain compromise. Here’s what you need to know.

Security operations | 2 min read
Security alert: Ivanti Connect Secure and Policy Secure zero-day vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) believes threat actors are exploiting Ivanti Connect Secure and Policy Secure zero-day vulnerabilities. Here's what to know.

Security operations | 2 min read
Security alert: ConnectWise ScreenConnect 23.9.8 security fix

Vulnerabilities affecting ConnectWise versions 23.9.7 and prior leave self-hosted and on-premise ScreenConnect instances exposed to attackers. Here’s what happened and what you can do about it now.

Security operations | 1 min read
GKE/Gmail vulnerability: notes and tips

Security researchers have discovered a new Google Kubernetes Engine misconfiguration. Here’s what you need to know.

Security operations | 2 min read
Security alert: Okta “support user” data theft

Okta recently determined that an attacker stole support system user in an incident identified in October. Here’s what Okta customers need to know and do right now.

Security operations | 1 min read
Security alert: privilege escalation vulnerability in Confluence Data Center and Server, CVE-2023-22515

A vulnerability in Confluence Data Center and Server allows attackers to create administrative accounts on external-facing Confluence servers. Here’s why it matters and what to do about it.

Security operations | 1 min read
Security alert: zero-day vulnerability CVE-2023-4863 in libwebp (WebP) library

CVE-2023-4863 is a zero-day vulnerability in libwebp, which can result in arbitrary command execution when exploited. Here’s why it matters and what to do.

Security operations | 3 min read
Kaseya supply chain attack: What you need to know

A new ransomware attack upheaved the beginning of Fourth of July weekend. Fortunately, there are steps you can take right now to stay safe. Find out what’s happening and how Expel is looking ahead.

Security operations | 8 min read
Is Microsoft Defender for Endpoint good?

Expel has integrated Microsoft Microsoft Defender for Endpoint into our platform and we’re impressed! Our SOC analysts share why they love it and how they use it to triage alerts.

Engineering | 8 min read
The power of orchestration: how we automated enrichments for AWS alerts

Automation is key when it comes to helping analysts focus on doing what they do best – investigating legitimate threats. Find out how we use orchestration to automate enrichments for AWS alerts.

Tips | 1 min read
Heads up: WPA2 vulnerability

A (very) quick overview of the reported WPA2 weakness. The TL;DR is “don’t flip out.” (1 min read)