Learn why compliance doesn’t guarantee prevention against a breach, and while various frameworks and legislation are meant to lay the foundation for organizations to build and expand on, this is rarely the case.
Read MoreDespite a patch being released for the recent Drupal vulnerability, entities are still feeling its impacts. In this post, we’ll review what is known about Drupalgeddon and present detection methods.
Read MoreVPNFilter Malware has compromised more than 500,000 endpoints. To help you detect VPNFilter, LogRhythm Labs has implemented VPNFilter malware alarms within the Current Active Threat (CAT) Module.
Read More
Although there have been several variants over the years, an analysis of the timeline of variants discussed demonstrates the "original" PlugX variant continues to be used today.
Read MoreOn February 28 and March 5, 2018, Memcached DDoS attacks targeted GitHub. LogRhythm Labs performed an investigation into the cause, effect, and outcome of these attacks.
Read MoreOn October 24, 2017, a new strain of ransomware dubbed "Bad Rabbit" emerged. This blog provides an in-depth analysis, recommendations for mitigation, IOCs, and LogRhythm AI Engine rules and NetMon queries for detection.
Read MoreThe LogRhythm Labs team provides analysis on Mamba—a strain of ransomware identified in 2016—after its recent resurgence. This goal of this in-depth analysis is to ensure users are prepared to protect their systems and to help prevent future infection of this malware variant.
Read More Although initially labeled as ransomware due to the ransom message that is displayed after infection, it appears now that NotPetya functions more as a destructive wiper-like tool than actual ransomware. This post reviews an in-depth technical analysis of NotPetya, including recommended security measures.
Read MoreOn the morning of June 27, 2017, Petya, a new ransomware outbreak—similar to the recent WannaCry malware—was discovered in the Ukraine. The malware quickly spread across Europe. This post discusses the TTPs of Petya / NotPetya and how to detect it using LogRhythm AI Engine rules.
Read MoreThe WannaCry ransomware campaign is just the latest wave of malware to target exploits in core networking protocols. Fortunately, the SMB dropper traffic is very easy to detect with NetMon using a simple Query Rule.
Read More
