Huntress

Pull those threats out by the roots! A property management firm had a suspicious login within their network. But what made this particular login stick out? Courtesy of an alert generated via managed SIEM, the SOC learned that this login occurred from a known-malicious workstation! 👾 This threat actor compromised an account used for boardroom conferencing operations and moved laterally throughout the network. 🌐 The Huntress SOC immediately isolated the network, denying the threat actor further lateral movement then began work with the SOC support and tactical response teams to locate the initial access vector. 🕵️♀️ Locating the root cause of intrusions is critical, and helps our partners plug the right gaps so that threat actors are permanently evicted from their networks.

A #blackfriday edition of Safe or Sus! Is this a vishing attempt or a well-meaning voicemail? Tell us! Is this Safe 👍 or Sus 💡 and why!

Who here has ever had to wait endlessly for justice to be served?😞 Have you felt the frustration of delays, cancellations, and setbacks that make the process feel impossible? ⏳ Standing up to cybercriminals is never easy, but sharing your story can be a powerful step toward closure. In episode six of "RISE with Robert Cioffi," Robert, CTO and Co-founder of Progressive Computing, Inc., shares the emotional journey of reading his impact statement and confronting the attacker who turned his life upside down. Watch now to see how he found strength in the face of adversity. ➡️ https://lnkd.in/eZi4rFia

#Healthcare organizations are facing a nasty prognosis due to cyber threats. But you can stay ahead of cybercriminals and protect your patients with our Healthcare Cybersecurity Success Kit. Download it here: https://lnkd.in/eFJw5VaX

According to IDC, a staggering 70% of breaches originate at the endpoint. 🫨 IT teams must now protect more endpoints—and a wider variety of endpoints—than ever before. 🫠 The perimeter has become much harder to defend. So where do you even start? ¯\_(ツ)_/¯ Here are nine key strategies to strengthen your endpoint security and minimize your risks. 👇

Shut the back door! A Midwest Credit Union with a nefarious persistent remote access backdoor unwittingly gave an adversary full access to the machine and network. 😬 Specifically, a user had fallen for a social engineering email persuading them to download and install a ScreenConnect instance that a cyber criminal controlled. 📩 The machine was isolated, the threat was reported on, and Active Remediation automatically eradicated this threat without the partner needing to intervene 🫡 Many security and IT practitioners advise re-imaging a machine to return it to a healthy security baseline, which is sage wisdom. 🖖 One additional note: Restoring from backups is a reflexive step many take after re-imaging. Keep in mind, if an infection has been on the machine for some time it MAY have been prior backed up - one may unintentionally be re-installing the infection See how Huntress Managed EDR can keep your back... and your backdoor covered: https://lnkd.in/gGgmapWM

We hate to break it to you, but apps aren’t always your friend (not even the #AI you chat with). They’re definitely not your friend when attackers use them to cause havoc in your Azure ecosystem. In our next episode of #TradecraftTuesday, we’ll be diving into all the sketchy apps lurking in your Microsoft 365 and Azure environments, how these attacks work, and what you can do about them. https://lnkd.in/evS2N2mt

A sobering dose of Dark Web 💊 Over the weekend a threat actor was selling access to a German IT company with over 70 million dollars in revenue-- but only a $800 price tag 😵💫 They offer access via Fortinet, likely from any number of the recent CVEs... No other users have responded to the thread yet. 🙅 Stay vigilant, but stay empowered! Talk about layering your defenses with your teams. It's the best way to stop these criminals in their tracks. 💪

"EvilProxy and NakedPages are so hot right now" - Matt Kiely, kinda. Token Theft is one of the hottest threats we're seeing in small businesses right now. See what we're doing to stop it from shutting down your organization. https://lnkd.in/eTRDqa3W

This #communityconfession from one of our partners is a chilling reminder of the sophisticated tactics used by cybercriminals. A real estate lawyer nearly fell victim to a meticulously crafted attack that combined: ✅ Psychological priming - a phone call claiming to be from a company closing a property sale with instructions to expect an email with documents ✅ Targeted phishing email - Shortly after the call, they received an email containing a Dropbox link and a password. ✅ Malicious JavaScript deployment - When clicked on and executed it triggered multiple programs to be installed and run. Huntress isolated the endpoint in five minutes and the incident was fully remediated in 30 minutes. The unsettling truth? AI is increasingly being used to make these attacks more convincing and commonplace. Key Takeaway: Multilayered security isn't just a recommendation—it's survival.