tech stack
Rapid response | 1 min read
Security alert: Ivanti zero-day vulnerability
Ivanti disclosed a critical zero-day vulnerability impacting multiple products. Address it immediately to prevent unauthenticated remote code execution.
Rapid response | 2 min read
Security alert: Christmas Day Chrome extension compromise
At least five Chrome extensions, including the Cyberhaven extension, were targeted on Christmas Day. Here's what you need to know.
MDR | 4 min read
Part III: How MDR can transform your SIEM investment
This is part three of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.
MDR | 4 min read
Part II: How MDR can transform your SIEM investment
This is part two of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.
MDR | 4 min read
Part I: How MDR can transform your SIEM investment
This is part one of a three-part blog series on how MDR can transform your SIEM investment by augmenting and optimizing its capabilities.
Rapid response | 1 min read
Security alert: Fortinet zero-day vulnerability
Fortinet has disclosed a zero-day vulnerability that needs to be patched immediately, or the protocol connection to the internet should be disabled.
Rapid response | 2 min read
Security Alert: CrowdStrike Windows Outage
An issue in a CrowdStrike Falcon Sensor update rendered Microsoft’s Windows OS inoperable. Here’s what happened and how you can address it.
MDR | 3 min read
Making sense of the seismic shifts in the SIEM world
Here are answers to pressing questions about what's happening in the world of SIEM, and what to do if you're asking yourself these questions.
Rapid response | 1 min read
Security alert: Palo Alto Networks PAN-OS GlobalProtect Command Injection Vulnerability
Palo Alto Networks disclosed that attackers are exploiting a vulnerability in PAN-OS for GlobalProtect. Here's what you need to know.
Rapid response | 1 min read
Security alert: XZ Linux utility backdoor
Researchers identified a backdoor in the XZ Linux utility, introduced via supply chain compromise. Here’s what you need to know.
Current events | 1 min read
GKE/Gmail vulnerability: notes and tips
Security researchers have discovered a new Google Kubernetes Engine misconfiguration. Here’s what you need to know.
Cloud security | 3 min read
New mind maps & cheat sheets: Azure & Kubernetes
Our new Kubernetes mind map/cheat sheet shows you which API calls are associated with different MITRE ATT&CK tactics in K8 environments.
MDR | 6 min read
Assessing suspicious Outlook rules: an exercise
Outlook Inbox rules are used for legitimate and malicious reasons. Use these case exercises, tips, and tricks on how to analyze them.
Current events | 7 min read
Attackers are expanding access through Amazon Cognito
Improperly configured AWS Cognito web portals can allow attackers to gain direct access to your AWS control plane. Here's how.
Current events | 2 min read
Our top five cybersecurity predictions for 2024
Here are our top five cybersecurity predictions for 2024 from Expel experts and leadership based on trends and current events.
MDR | 4 min read
What frameworks and tools drive security maturity?
New research by the SANS Institute, commissioned by Expel, outlines the frameworks, tools, and techniques that drive security maturity.
Rapid response | 2 min read
Security alert: Okta “support user” data theft
Okta recently determined an attacker stole user support system info in October 2023. Here’s what Okta customers need to do right now.