Search the Portal

[image] Log4Shell attacks have spread throughout the Internet due to the ease with which attackers can perform them. The WatchGuard Threat Lab sees a sample of these attacks from our customers’ perspectives when they opt to provide anonymized...

[image] Iranian researchers at Amnpardaz security firm have discovered rootkits in HPs iLO (Integrated Lights-Out) management modules. These optional chips are added to servers for remote management and grant full high-level access to the...

[image] The internet came by storm. Yes, for years it wasn’t accessible to the major populace, but over time it found its way into the office, school, home, and now more specifically into the living room. With the evolution of the internet came...

[image] Every so often, there is a phish that stands out because of its brazenness. Today, we came across a bank phish that requested a few verification details: Username and Password Social Security Number Email address and email password used...

[image] Much of what we see exploiting the log4j2 vulnerability, CVE-2021-44228, appears like a scan for the vulnerability, not necessarily exploitation. However, our own honey pot https://github.com/WatchGuard-Threat-Lab/log4shell-iocs has seen...

[image] This week we take a deep dive into CVE-2021-44228, better known as Log4Shell, a critical vulnerability in the massively popular log4j2 logging library for Java applications. We discuss how the flaw came about, how it works, and why this...

[image] Politico published a short piece about Kamala Harris’s hesitancy with Bluetooth devices. They considered this a bit amusing, perhaps considering her paranoid based on their tone. While the article’s content was light, it did discuss some...

[image] As we move in to the end of the year it’s time for us to discuss WatchGuard Threat Lab’s 2022 cybersecurity predictions. While many of our predictions tend to come off as extreme, they’re all grounded in the trends that we’ve been...

[image] [Updated 13-12-2021: Additional information for WatchGuard customers] On Thursday, security researchers disclosed a critical, unauthenticated remote code execution (RCE) vulnerability in log4j2, a popular and widely used logging library...

[image] Its getting to be the end of the year which means its time to take a look back at WatchGuard Threat Lab’s 2021 security predictions and give ourselves a grading on how well we did! On this episode, we’ll go through our 8 predictions for...

[image] We have seen interpolation in the news concerning a recent court case. Here we cover what interpolation does to an image, not only because of the recent news but also because face recognition uses interpolation to better recognize a face...

[image] This week on the podcast we discuss how a recent CISA alert on specific threat actor activity tipped off a separate adversary, leading to a new wave of attacks against vulnerable systems across multiple industries. We also cover the...

[image] Phishing is a type of social engineering attack where threat actors attempt to trick users into providing sensitive information via email. Typically, this involves creating a phishing campaign where threat actors will send the same...

[image] On this week’s episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA’s new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus...

[image] Facebook’s face recognition has one of the largest training databases in the world, built from photos that users have uploaded since Facebook’s inception, but that database’s time may be coming to an end. In a blog post on Facebook they...

[image] The NRA has found itself in the middle of a potential breach and ransomware attack. This happened last week after the Russian hacking group Greif reportedly gained access. Greif has close ties to Evil Corp (another advanced hacking group...

[image] This week on the podcast, we cover a heist of over $130 million worth of cryptocurrency from a distributed financial (DeFi) organization and have an in depth discussion on why cryptocurrency-related platforms continue to suffer...

[image] The Microsoft Threat Intelligence Center (MSTIC) detected attacks by the Nobelium group targeting IT services providers. The intent was to “gain access to downstream customers” such as Cloud Service Providers (CSP) and Managed Service...