https://www.huntress.com/blog 2026-03-26T20:35:07Z 60 https://www.huntress.com/blog/managed-itdr-google-workspace https://www.huntress.com/blog/managed-itdr-google-workspace Huntress now delivers ITDR for Google Workspace to protect identities against BEC, inbox rule manipulation, and account takeover, all with a 24/7 SOC-led response. 2026-03-24T14:00:00Z https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign https://www.huntress.com/blog/railway-paas-m365-token-replay-campaign Railway PaaS is being weaponized as a clean token replay engine in an active AiTM and device code phishing campaign impacting 268+ M365 organizations and 100+ MSPs. 2026-03-23T21:00:00Z https://www.huntress.com/blog/declassified-cybercrime-episode-one https://www.huntress.com/blog/declassified-cybercrime-episode-one Uncover the dark economy of cybercrime, from organized scam centers and the criminal customer journey to the use of generative AI in scaling attacks. 2026-03-23T15:00:00Z https://www.huntress.com/blog/manufacturing-cybersecurity-trends https://www.huntress.com/blog/manufacturing-cybersecurity-trends Explore the latest manufacturing cybersecurity trends, from ransomware to OT takeovers, and real-world risks to production. Learn how to secure your plant. 2026-03-23T13:00:00Z https://www.huntress.com/blog/employee-spotlight-cody-browning https://www.huntress.com/blog/employee-spotlight-cody-browning Meet Huntress Reseller Sales Manager Cody Browning. Learn how his grandmother's vishing scam inspired his career and fuels our mission to bring human-led cybersecurity to all businesses. 2026-03-19T14:00:00Z https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill Huntress uncovers a tax-themed malvertising campaign using Google Ads, dual cloaking, rogue ScreenConnect, and an undocumented Huawei driver to kill AV/EDR. 2026-03-19T14:00:00Z https://www.huntress.com/blog/huntress-stops-mac-infostealer-before-damage https://www.huntress.com/blog/huntress-stops-mac-infostealer-before-damage Huntress’ AI-Centric SOC recently stopped a MacSync infostealer attack on a macOS device. The malware attempted to scrape credentials, browser cookies, and crypto wallets, but Huntress contained the threat before any data was sent to the attacker. Learn how we did it. 2026-03-18T14:00:00Z https://www.huntress.com/blog/proactive-security-posture-management https://www.huntress.com/blog/proactive-security-posture-management Huntress "shifts left" with Managed ESPM and Managed ISPM. We proactively harden your endpoints and identities to close the security gaps that attackers love to exploit. 2026-03-17T14:00:00Z https://www.huntress.com/blog/five-shady-phishing-email-techniques-we-spotted-in-2025 https://www.huntress.com/blog/five-shady-phishing-email-techniques-we-spotted-in-2025 From fake UPS shipping notifications to PayPal-themed callback phishing, here are the five top phishing techniques we’re seeing this year. 2026-03-16T21:00:00Z https://www.huntress.com/blog/3-2-1-backup-rule https://www.huntress.com/blog/3-2-1-backup-rule Discover how the 3-2-1 backup rule strengthens your backup strategy against ransomware. Plus, learn how to implement cloud backup best practices with ease. 2026-03-16T12:00:00Z https://www.huntress.com/blog/exposed-vpn-ransomware-attack https://www.huntress.com/blog/exposed-vpn-ransomware-attack Get an insider look at how the Huntress SOC stopped an unsecured VPN based ransomware attack. Learn why your business needs more than just software to stay secure. 2026-03-13T07:00:00Z https://www.huntress.com/blog/data-exfiltration-threat-actor-infrastructure-exposed https://www.huntress.com/blog/data-exfiltration-threat-actor-infrastructure-exposed Threat actors are people, too, and like everyone else, make mistakes. These mistakes can reveal insights into the threat actor, or even expose access to their infrastructure. 2026-03-12T14:00:00Z https://www.huntress.com/blog/daisy-chaining-rogue-rmm-tools https://www.huntress.com/blog/daisy-chaining-rogue-rmm-tools The abuse of remote monitoring and management (RMM) tools is surging. See how threat actors daisy chain RMM software for initial access, persistence, and detection evasion. 2026-03-11T14:00:00Z https://www.huntress.com/blog/password-statistics https://www.huntress.com/blog/password-statistics The top password statistics might surprise you. Learn how common poor password hygiene is, plus tips for protecting your precious credentials better. 2026-03-09T14:00:00Z https://www.huntress.com/blog/top-10-worst-places-to-store-a-password https://www.huntress.com/blog/top-10-worst-places-to-store-a-password Check out the top 10 worst places to store your password, as commented by IT and information security professionals. 2026-03-09T05:00:00Z https://www.huntress.com/blog/threat-actor-abuses-elastic-cloud-siem https://www.huntress.com/blog/threat-actor-abuses-elastic-cloud-siem A deep dive into a threat actor who exploited SolarWinds Web Help Desk, abused an Elastic Cloud SIEM free trial for exfiltration and triage, revealing key infrastructure. 2026-03-06T21:00:00Z https://www.huntress.com/blog/muddywater-attack-chain https://www.huntress.com/blog/muddywater-attack-chain Huntress has identified and detailed a full timeline of an intrusion in a customer environment that aligns with what others have identified as MuddyWater (Iranian-linked APT). 2026-03-06T15:00:00Z https://www.huntress.com/blog/improving-security-with-sso-and-mfa https://www.huntress.com/blog/improving-security-with-sso-and-mfa SSO vs. MFA: Why choose between the two? Learn how both single sign-on and multi-factor authentication can improve your cybersecurity posture. 2026-03-05T21:00:00Z https://www.huntress.com/blog/how-a-pharmacy-cyberattack-is-a-warning-sign-for-healthcares-cybersecurity-vulnerabilities https://www.huntress.com/blog/how-a-pharmacy-cyberattack-is-a-warning-sign-for-healthcares-cybersecurity-vulnerabilities Learn how a single cyberattack on a pharmacy tech provider disabled access for millions of patients and what it means for the healthcare industry moving forward. 2026-03-05T21:00:00Z https://www.huntress.com/blog/most-common-passwords https://www.huntress.com/blog/most-common-passwords Discover the most common passwords that put you and your business at risk, and get easy tips to improve your password security. 2026-03-05T19:00:00Z https://www.huntress.com/blog/rmm-abuse-when-it-convenience-bites-back https://www.huntress.com/blog/rmm-abuse-when-it-convenience-bites-back Cybercrime and RMM abuse is up 277% as attackers exploit trusted tools for stealthy access. Learn how to shift from overtrust to verifying behavior and secure your network. 2026-03-05T08:00:00Z https://www.huntress.com/blog/gws-business-email-compromise-identity-problem https://www.huntress.com/blog/gws-business-email-compromise-identity-problem Modern BEC attacks now abuse Google Workspace identities. Discover why BEC is an identity problem, and learn how to secure your organization against these threats. 2026-03-05T06:00:00Z https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer Huntress warns of fake OpenClaw installers on GitHub deploying malware. Learn how these attacks happen, identify signs of infection, and stay protected. 2026-03-04T15:00:00Z https://www.huntress.com/blog/evolving-linux-threat-landscape https://www.huntress.com/blog/evolving-linux-threat-landscape Learn about the narrowing threat gap, the rise of cross-platform attacks (like WSL abuse), and the specific ransomware and nation-state actors targeting Linux endpoints in 2026. 2026-03-03T15:00:00Z https://www.huntress.com/blog/fake-tech-support-havoc-command-control https://www.huntress.com/blog/fake-tech-support-havoc-command-control Adversaries leverage fake tech support to deploy a modified Havoc C2 agent, employing DLL sideloading, syscall evasion (HellsGate), and RMM tools for persistent access. 2026-03-02T15:00:00Z https://www.huntress.com/blog/survivor-journey-human-trafficking-cybercrime-underground https://www.huntress.com/blog/survivor-journey-human-trafficking-cybercrime-underground From an IT job to forced underground cybercrime, Mohammad’s story exposes the global trafficking network behind massive crypto scams. Learn the signs to stay safe. 2026-02-26T08:00:00Z https://www.huntress.com/blog/disrupting-endpoint-attacks-with-huntress-managed-edr https://www.huntress.com/blog/disrupting-endpoint-attacks-with-huntress-managed-edr Standard EDR creates a gap between detection and action. Huntress closes it. Learn how our Attack Disruption Engine automatically disrupts threat actors and reduces the impact of endpoint attacks. 2026-02-25T06:00:00Z https://www.huntress.com/blog/ai-enhanced-candidate-fraud https://www.huntress.com/blog/ai-enhanced-candidate-fraud AI-driven deception is the new reality in hiring. Explore key statistics on deepfakes and resume fraud, and learn data-informed strategies to solidify your defense. 2026-02-20T14:00:00Z https://www.huntress.com/blog/app-domain-manager-injection https://www.huntress.com/blog/app-domain-manager-injection Uncover how attackers use App Domain Manager injection to run code inside trusted .NET apps by tweaking config files and bypassing application controls. Learn key strategies to detect and stop these attacks. 2026-02-19T06:00:00Z https://www.huntress.com/blog/clickfix-matanbuchus-astarionrat-analysis https://www.huntress.com/blog/clickfix-matanbuchus-astarionrat-analysis ClickFix infection deploys Matanbuchus 3.0 loader and drops a new RAT that we’ve dubbed AstarionRAT. We break down the layers and the hands-on intrusion that followed. 2026-02-16T06:00:00Z https://www.huntress.com/blog/identity-breach-google-workspace https://www.huntress.com/blog/identity-breach-google-workspace 2026-02-12T06:00:00Z https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations https://www.huntress.com/blog/employee-monitoring-simplehelp-abused-in-ransomware-operations Huntress uncovers ransomware operations abusing employee monitoring software and SimpleHelp RMM for persistence, and ransomware deployment. 2026-02-11T15:00:00Z https://www.huntress.com/blog/endpoint-security-trends https://www.huntress.com/blog/endpoint-security-trends Learn the latest endpoint security trends, from AI-powered defense to zero trust and human-led threat hunting that help under-resourced teams stop threats faster. 2026-02-09T14:00:00Z https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399 https://www.huntress.com/blog/active-exploitation-solarwinds-web-help-desk-cve-2025-26399 Huntress has observed active exploitation of a deserialization and remote code execution against the SolarWinds Web Help Desk software (CVE-2025-26399). 2026-02-08T06:00:00Z https://www.huntress.com/blog/windows-projected-file-system-mechanics https://www.huntress.com/blog/windows-projected-file-system-mechanics Huntress uncovers the mechanics of the Windows Projected File System. Explore the ProjFS driver, virtualization roots, and the PowerShell commands. 2026-02-05T15:00:00Z https://www.huntress.com/blog/encase-byovd-edr-killer https://www.huntress.com/blog/encase-byovd-edr-killer Huntress responded to a 2026 intrusion using compromised SonicWall VPN credentials and a revoked EnCase forensic driver to terminate EDR processes via BYOVD. 2026-02-04T15:00:00Z https://www.huntress.com/blog/how-to-deal-with-alert-fatigue-like-a-security-pro https://www.huntress.com/blog/how-to-deal-with-alert-fatigue-like-a-security-pro Deal with alert fatigue like a pro. Learn practical tips from Huntress' SOC on managing overwhelming alerts, preventing burnout, and focusing on real threats. 2026-02-02T05:00:00Z https://www.huntress.com/blog/ldap-active-directory-detection-part-four https://www.huntress.com/blog/ldap-active-directory-detection-part-four SOAPHound's LDAP query (!soaphound=*) never appears in Event 1644 logs, but it transforms into (! (FALSE)) through LDAP optimization. Understanding this transformation reveals a unique detection signature that most defenders have never seen. 2026-01-29T15:00:00Z https://www.huntress.com/blog/huntress-managed-itdr-incident-report-timeline-response https://www.huntress.com/blog/huntress-managed-itdr-incident-report-timeline-response Learn how the Incident Report Timeline within Huntress Managed ITDR offers clear, chronological insights, enabling a decisive response to incidents. 2026-01-26T06:00:00Z https://www.huntress.com/blog/smartermail-account-takeover-leading-to-rce https://www.huntress.com/blog/smartermail-account-takeover-leading-to-rce SmarterMail versions prior to Build 9511 are vulnerable to privileged account takeover and remote code execution. Learn more about the latest Huntress DE&TH Team’s findings. 2026-01-22T15:00:00Z https://www.huntress.com/blog/hacked-construction-apps-bringing-down-jobsite-security https://www.huntress.com/blog/hacked-construction-apps-bringing-down-jobsite-security Vertical-specific construction applications face unique risks. Hacked apps stem from flaws in the software or its components, expanding the jobsite attack surface. 2026-01-21T06:00:00Z https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke https://www.huntress.com/blog/malicious-browser-extention-crashfix-kongtuke Fake ad blocker crashes your browser, then offers a "fix." Go inside KongTuke's CrashFix campaign, from malicious extension to ModeloRAT for VIP targets. 2026-01-16T06:00:00Z https://www.huntress.com/blog/ldap-active-directory-detection-part-three https://www.huntress.com/blog/ldap-active-directory-detection-part-three While investigating LDAP filters and attributes, I completely missed "SDFlags" in my Event 1644 logs. When I finally noticed it, the investigation led to nTSecurityDescriptor, attack path discovery, and a high-confidence detection signature. 2026-01-15T15:00:00Z https://www.huntress.com/blog/pursuing-parity-cross-platform-unity https://www.huntress.com/blog/pursuing-parity-cross-platform-unity Huntress researchers weigh in on the challenge of getting feature parity across Windows, macOS, and Linux. And learn how unique security models and platform maturity shape the way products are built. 2026-01-13T06:00:00Z https://www.huntress.com/blog/ai-2025-faster-attacks-same-tradecraft https://www.huntress.com/blog/ai-2025-faster-attacks-same-tradecraft Huntress outlines 2025 AI attack speed with automated scripts, but adversaries use familiar tradecraft. Detection and hygiene remain decisive. 2026-01-12T08:00:00Z https://www.huntress.com/blog/esxi-vm-escape-exploit https://www.huntress.com/blog/esxi-vm-escape-exploit Huntress outlines a complex, multi-step attack designed to break out of guest VMs and target the ESXi hypervisor, using potential zero-day vulnerabilities and sneaky VSOCK communication. 2026-01-07T14:00:00Z https://www.huntress.com/blog/rogue-screenconnect-social-engineering-tactics-2025 https://www.huntress.com/blog/rogue-screenconnect-social-engineering-tactics-2025 From lures involving Social Security statements to top domains and hashes used in attacks, here's an in-depth look at incidents involving ScreenConnect in 2025. 2025-12-31T06:00:00Z https://www.huntress.com/blog/ldap-active-directory-detection-part-two https://www.huntress.com/blog/ldap-active-directory-detection-part-two Your LDAP detection rules work in the lab but fail in production. Here's why Event 1644 whitespace variations break your Sigma rules and how to fix them. 2025-12-30T06:00:00Z https://www.huntress.com/blog/holiday-security-tips-for-family-friends https://www.huntress.com/blog/holiday-security-tips-for-family-friends From "React2Shell" exploitation to sophisticated "Living off Trusted Sites" phishing, Huntress experts break down the threats targeting both enterprises and families today. 2025-12-23T08:00:00Z https://www.huntress.com/blog/rising-supply-chain-attacks-cybersecurity-ecosystems https://www.huntress.com/blog/rising-supply-chain-attacks-cybersecurity-ecosystems Learn how supply chain attacks and shifting trust are reshaping the software supply chain, and what enterprises must do to strengthen resilience. 2025-12-23T05:00:00Z https://www.huntress.com/blog/trial-error-typos-malware-attacks-sophisticated https://www.huntress.com/blog/trial-error-typos-malware-attacks-sophisticated Think all threat actors are pros? This post reveals how 'unsophisticated' malware and attacker errors help defenders stop attacks before damage is done. 2025-12-22T05:00:00Z https://www.huntress.com/blog/securing-your-business-the-vital-role-of-cyber-insurance https://www.huntress.com/blog/securing-your-business-the-vital-role-of-cyber-insurance Understand the critical role of cyber insurance in safeguarding your business from cyber threats. Learn how this coverage can protect your assets. 2025-12-19T05:00:00Z https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability https://www.huntress.com/blog/active-exploitation-gladinet-centrestack-triofox-insecure-cryptography-vulnerability Threat actors are exploiting a vulnerability in Gladinet’s CentreStack and Triofox products that stems from hardcoded cryptographic keys in the AES implementation. 2025-12-18T23:00:00Z https://www.huntress.com/blog/series-of-unfortunate-rmm-events https://www.huntress.com/blog/series-of-unfortunate-rmm-events Recently, the Huntress SOC has observed threat actors increasingly use PDQ and GoTo Resolve to deploy further remote monitoring and management (RMM) tools in attacks. 2025-12-18T08:00:00Z https://www.huntress.com/blog/ldap-active-directory-detection-part-one https://www.huntress.com/blog/ldap-active-directory-detection-part-one Learn why your LDAP detection rules never fire and how to fix them. Hint: it's the OID-to-bitwise transformation. 2025-12-16T06:00:00Z https://www.huntress.com/blog/cmmc-opportunity-cost-msp-challenges https://www.huntress.com/blog/cmmc-opportunity-cost-msp-challenges CMMC is coming. Learn how to turn this challenge into a major revenue opportunity for your business. 2025-12-10T06:00:00Z https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust Attackers are exploiting user trust in AI and aggressive SEO to deliver an evolved Atomic macOS Stealer. Learn why this social engineering tradecraft bypasses traditional network controls and the future of macOS infostealer defense. 2025-12-09T06:00:00Z https://www.huntress.com/blog/huntress-managed-security-awareness-training-expert-review https://www.huntress.com/blog/huntress-managed-security-awareness-training-expert-review A new independent report explores how Huntress’ approach to SAT supports real behavior change. Learn what works best in building security culture. 2025-12-09T06:00:00Z https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell https://www.huntress.com/blog/peerblight-linux-backdoor-exploits-react2shell Huntress is seeing threat actors exploit React2Shell (CVE-2025-55182) to deploy a Linux backdoor, a reverse proxy tunnel, and a Go-based post-exploitation implant. 2025-12-09T05:00:00Z https://www.huntress.com/blog/hypervisor-defenses-against-ransomware-targeting-esxi https://www.huntress.com/blog/hypervisor-defenses-against-ransomware-targeting-esxi Hypervisors are a major target for ransomware attacks. Get expert guidance from Huntress on how to protect your virtualized infrastructure. Learn how to secure access, put runtime controls in place, simplify patching, and improve your recovery plans. 2025-12-08T06:00:00Z https://www.huntress.com/blog/pulling-back-the-curtain-a-journey-through-the-dark-web https://www.huntress.com/blog/pulling-back-the-curtain-a-journey-through-the-dark-web Learn what the dark web looks like with an exploration of the far reaches of the internet, how you can get there, and what you might find… from a safe distance. 2025-12-03T15:00:00Z https://www.huntress.com/blog/velociraptor-misuse-part-two-eye-of-the-storm https://www.huntress.com/blog/velociraptor-misuse-part-two-eye-of-the-storm Huntress reports an uptick in threat actors abusing the Velociraptor open-source DFIR tool, linked to incidents involving WSUS exploitation, VS Code tunnels, and more. 2025-12-03T05:00:00Z https://www.huntress.com/blog/datacenter-infrastructure-and-identity-attacks https://www.huntress.com/blog/datacenter-infrastructure-and-identity-attacks Do you know where identity attacks come from? It’s not just location or VPNs, but there’s a "secret third thing" in identity attacks. See how a new AS-based detection system closed this critical visibility gap. 2025-12-02T06:00:00Z https://www.huntress.com/blog/what-is-threat-hunting https://www.huntress.com/blog/what-is-threat-hunting What is cyber threat hunting, and what do threat hunters do? In this blog, we define what threat hunting actually is and the strategy and skill behind it. 2025-12-01T23:00:00Z https://www.huntress.com/blog/account-takeover-what-it-is-and-how-to-protect-against-it https://www.huntress.com/blog/account-takeover-what-it-is-and-how-to-protect-against-it Account takeover fraud happens when attackers steal login credentials to access accounts. Learn how to detect and prevent account takeover fraud. 2025-12-01T19:00:00Z https://www.huntress.com/blog/shadyhacks-with-kyle-hanslovan https://www.huntress.com/blog/shadyhacks-with-kyle-hanslovan Huntress CEO Kyle Hanslovan's live hack demo: modern hacker playbook, with stolen credentials, MFA bypass, and M365 token hijacking. Get defense tips, stay protected. 2025-11-26T14:00:00Z https://www.huntress.com/blog/7-benefits-of-outsourcing-cybersecurity-services https://www.huntress.com/blog/7-benefits-of-outsourcing-cybersecurity-services Explore the top benefits of cybersecurity outsourcing and learn how it can bolster defenses while freeing up time, energy, and resources for your team. 2025-11-24T16:00:00Z https://www.huntress.com/blog/clickfix-malware-buried-in-images https://www.huntress.com/blog/clickfix-malware-buried-in-images Huntress uncovered an attack utilizing a ClickFix lure to initiate a multi-stage malware execution chain. This analysis reveals how threat actors use steganography to conceal infostealers like LummaC2 and Rhadamanthys within seemingly harmless PNGs. 2025-11-24T06:00:00Z https://www.huntress.com/blog/velociraptor-misuse-part-one-wsus-up https://www.huntress.com/blog/velociraptor-misuse-part-one-wsus-up Huntress has seen an uptick in threat actors abusing the Velociraptor open-source DFIR tool in a range of attacks, including a recent incident involving WSUS exploitation. 2025-11-20T15:00:00Z https://www.huntress.com/blog/huntress-acquires-inside-agent https://www.huntress.com/blog/huntress-acquires-inside-agent Huntress acquired Inside Agent to bolster identity security with a new ISPM solution. The move enhances proactive defense against cyberattacks. 2025-11-18T17:00:00Z https://www.huntress.com/blog/huntress-available-on-marketplace-microsoft https://www.huntress.com/blog/huntress-available-on-marketplace-microsoft Huntress is now on the Microsoft Marketplace. Combine our protection with Microsoft 365 and Defender, get 24/7 monitoring, and enjoy enterprise-grade security without the hefty price tag. 2025-11-17T14:00:00Z https://www.huntress.com/blog/what-should-a-modern-cybersecurity-stack-look-like https://www.huntress.com/blog/what-should-a-modern-cybersecurity-stack-look-like In this blog, we dive into the critical layers that make up a solid cybersecurity stack and provide tips for getting buy-in from decision makers. 2025-11-17T13:00:00Z https://www.huntress.com/blog/threats-against-education https://www.huntress.com/blog/threats-against-education Threat actors are targeting the education sector with data breaches, phishing emails, ransomware hits, brute force RDP attacks, and more. 2025-11-13T06:00:00Z https://www.huntress.com/blog/demystifying-multi-factor-authentication-for-businesses https://www.huntress.com/blog/demystifying-multi-factor-authentication-for-businesses MFA for business isn’t a silver bullet. But it’s close! Learn the benefits, MFA methods, and how to make it work without the usual headaches. 2025-11-07T05:00:00Z https://www.huntress.com/blog/huntress-ctf-2025-retro https://www.huntress.com/blog/huntress-ctf-2025-retro 11,000+ hackers—one epic challenge. See who the winners are and key insights from this year's massive Huntress Capture the Flag competition. Read the full breakdown! 2025-11-06T14:00:00Z https://www.huntress.com/blog/gootloader-threat-detection-woff2-obfuscation https://www.huntress.com/blog/gootloader-threat-detection-woff2-obfuscation Gootloader returns with new obfuscation techniques, including custom WOFF2 fonts and updated persistence mechanisms, while continuing its partnership with Vanilla Tempest for ransomware deployment. Dive in and discover what Huntress is seeing. 2025-11-05T15:00:00Z https://www.huntress.com/blog/huntress-defcert-streamline-cmmc-assessment-prep https://www.huntress.com/blog/huntress-defcert-streamline-cmmc-assessment-prep Huntress and DEFCERT partnered to help with CMMC compliance. Use their Shared Responsibility Matrix and operation plans to streamline your Level 2 assessment 2025-11-05T14:00:00Z https://www.huntress.com/blog/live-hacking-microsoft-365-kyle-hanslovan https://www.huntress.com/blog/live-hacking-microsoft-365-kyle-hanslovan Learn how cybercriminals bypass Microsoft 365 MFA and steal credentials in a live hacking demo. Discover defense strategies to protect your systems. 2025-11-04T16:00:00Z https://www.huntress.com/blog/what-is-the-zero-trust-security-model https://www.huntress.com/blog/what-is-the-zero-trust-security-model Learn the fundamentals of Zero Trust Security and how it protects organizations by ensuring constant verification and reducing cyber risks. Stay secure with Zero Trust. 2025-10-28T04:00:00Z https://www.huntress.com/blog/exploitation-of-windows-server-update-services-remote-code-execution-vulnerability https://www.huntress.com/blog/exploitation-of-windows-server-update-services-remote-code-execution-vulnerability Huntress has observed threat actors exploiting a Microsoft Windows Server Update Services (WSUS) vulnerability (CVE-2025-59287). 2025-10-24T04:00:00Z https://www.huntress.com/blog/looking-at-qilin-ransomware-attack https://www.huntress.com/blog/looking-at-qilin-ransomware-attack Incident analysis is critical, but for newcomers, it can be daunting. Learn how to confirm commands, validate findings, and spot real impact during a Qilin ransomware event. 2025-10-22T05:00:00Z https://www.huntress.com/blog/imperfect-telemetry-techniques-effective-incident-response https://www.huntress.com/blog/imperfect-telemetry-techniques-effective-incident-response See how the Huntress Tactical Response team tackles security telemetry gaps. We share real-world techniques for working with missing logs, degraded telemetry, and cloud logging challenges to uncover critical insights and improve investigations. 2025-10-21T05:00:00Z https://www.huntress.com/blog/dispelling-ransomware-deployment-myths https://www.huntress.com/blog/dispelling-ransomware-deployment-myths Huntress analyzes ransomware activity, uncovering attack patterns and key detection opportunities while dispelling ransomware myths. 2025-10-16T05:00:00Z https://www.huntress.com/blog/cmmc-final-rule-guide-for-dod-subcontractors https://www.huntress.com/blog/cmmc-final-rule-guide-for-dod-subcontractors The DoD's CMMC final rule is here. Learn what it means for subcontractors, the new timeline, and how to prepare for your Level 2 audit to stay competitive. 2025-10-15T05:00:00Z https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw Huntress has observed in-the-wild exploitation of a Local File Inclusion vulnerability in Gladinet CentreStack and Triofox products. 2025-10-15T04:00:00Z https://www.huntress.com/blog/nezha-china-nexus-threat-actor-tool https://www.huntress.com/blog/nezha-china-nexus-threat-actor-tool Beginning in mid-2025, Huntress discovered a new tool being used to facilitate webserver intrusions known as Nezha, which up until now hasn’t been publicly reported on. This was used in tandem with other families of malware and web shell management tools such as Ghost RAT and AntSword. 2025-10-15T04:00:00Z https://www.huntress.com/blog/guide-for-security-unaware https://www.huntress.com/blog/guide-for-security-unaware Ready to drive your IT team crazy? See our top security blunders and learn practical tips to improve your cybersecurity habits. 2025-10-14T05:00:00Z https://www.huntress.com/blog/sonicwall-sslvpn-compromise https://www.huntress.com/blog/sonicwall-sslvpn-compromise Huntress has observed a spike in compromises of SonicWall SSLVPN devices across multiple customer environments. 2025-10-10T04:00:00Z https://www.huntress.com/blog/lamest-cybersecurity-tips-what-to-do-instead https://www.huntress.com/blog/lamest-cybersecurity-tips-what-to-do-instead Tired of hearing the same old cybersecurity tips? Learn actionable, modern strategies to protect yourself and your organization from bad threat actors. 2025-10-07T05:00:00Z https://www.huntress.com/blog/what-is-a-security-awareness-training-program https://www.huntress.com/blog/what-is-a-security-awareness-training-program Improve security culture with a stronger security awareness program. Huntress Managed Security Awareness Training is designed to reduce incidents and protect your team. 2025-10-06T16:00:00Z https://www.huntress.com/blog/biggest-data-breaches https://www.huntress.com/blog/biggest-data-breaches Learn about the biggest data breaches of the past 20 years, how they happened, and how you can better protect your organization from major threats. 2025-10-03T16:00:00Z https://www.huntress.com/blog/craftiest-trends-scams-tradecraft-2025 https://www.huntress.com/blog/craftiest-trends-scams-tradecraft-2025 John Hammond and Greg Linares with Huntress discuss the top tradecraft we’ve seen this year so far, from ClickFix attacks to deepfake social engineering 2025-10-02T05:00:00Z https://www.huntress.com/blog/be-offensive-cybersecurity-awareness-month https://www.huntress.com/blog/be-offensive-cybersecurity-awareness-month Over 20 years of Cybersecurity Awareness Month, and we’ve had enough. This October, Huntress is taking a new attitude with an offensive-minded approach to defense. 2025-10-01T13:00:00Z https://www.huntress.com/blog/dont-sweat-clickfix-techniques https://www.huntress.com/blog/dont-sweat-clickfix-techniques Learn how ClickFix techniques like FileFix, TerminalFix, and DownloadFix trick users into compromising. Then, learn proven detection methods using chokepoint strategies and behavioral analytics. 2025-09-29T05:00:00Z https://www.huntress.com/blog/purerat-threat-actor-evolution https://www.huntress.com/blog/purerat-threat-actor-evolution Trace a threat actor's journey from custom Python stealers to a sophisticated commodity RAT. Learn how their tactics evolved and why this shift to .NET matters. 2025-09-25T14:00:00Z https://www.huntress.com/blog/sat-programs-reduce-human-risk https://www.huntress.com/blog/sat-programs-reduce-human-risk Learn the truth about SAT effectiveness. Our latest report reveals why increased spending on training isn’t reducing human risk—and how to fix it. 2025-09-23T05:00:00Z https://www.huntress.com/blog/average-cost-of-a-data-breach https://www.huntress.com/blog/average-cost-of-a-data-breach Learn what the average cost of a data breach is and how factors like industry and location impact it. Plus, learn how to protect yourself from costly breaches. 2025-09-22T17:00:00Z https://www.huntress.com/blog/value-of-telemetry-investigations https://www.huntress.com/blog/value-of-telemetry-investigations Learn more about what it actually means to go up against hackers–and why creative, human-led investigations are essential for keeping your organization safe from modern threats. 2025-09-22T05:00:00Z https://www.huntress.com/blog/malicious-hackers-impersonate-it-staff https://www.huntress.com/blog/malicious-hackers-impersonate-it-staff Malicious hackers are impersonating IT and cybersecurity professionals to infiltrate your systems and steal sensitive data. Learn how to identify and defend against these insider threats and protect your organization from "fake workers." 2025-09-18T05:00:00Z https://www.huntress.com/blog/dangers-of-storing-unencrypted-passwords https://www.huntress.com/blog/dangers-of-storing-unencrypted-passwords Threat actors exploited SonicWall VPN, deployed Akira ransomware, and uninstalled Huntress Managed EDR agents after finding plaintext recovery codes. Learn how to secure your credentials and prevent similar attacks. 2025-09-15T05:00:00Z https://www.huntress.com/blog/rare-look-inside-attacker-operation https://www.huntress.com/blog/rare-look-inside-attacker-operation An attacker installed Huntress onto their operating machine, giving us a detailed look at how they’re using AI to build workflows, searching for tools like Evilginx, and researching targets like software development companies. 2025-09-09T05:00:00Z https://www.huntress.com/blog/what-is-sso-login https://www.huntress.com/blog/what-is-sso-login Learn what single sign-on (SSO) login is, how it’s used in role management and cybersecurity, and how to set it up at your organization. 2025-09-08T17:00:00Z https://www.huntress.com/blog/what-is-multi-factor-authentication https://www.huntress.com/blog/what-is-multi-factor-authentication Understand the multiple uses for multi-factor authentication, plus why it’s important for cybersecurity and how to implement it at your organization. 2025-09-05T15:00:00Z https://www.huntress.com/blog/obscura-ransomware-variant https://www.huntress.com/blog/obscura-ransomware-variant Huntress found a previously unseen ransomware variant called Obscura on a victim company’s domain controller. 2025-09-02T19:00:00Z https://www.huntress.com/blog/debunking-microsoft-365-identity-myths https://www.huntress.com/blog/debunking-microsoft-365-identity-myths Don’t fall for common Microsoft 365 identity security myths. Here, Huntress debunks misconceptions around logins, MFA, Conditional Access, Impossible Travel, and security tuning. 2025-09-02T05:00:00Z https://www.huntress.com/blog/fake-anydesk-clickfix-metastealer-malware https://www.huntress.com/blog/fake-anydesk-clickfix-metastealer-malware Learn how a fake AnyDesk installer led to a unique MetaStealer attack, highlighting how threat actors evolve ClickFix techniques beyond the classic playbook to steal credentials and files. 2025-08-29T05:00:00Z https://www.huntress.com/blog/journey-to-center-of-dark-web-tradecraft-tuesday-recap https://www.huntress.com/blog/journey-to-center-of-dark-web-tradecraft-tuesday-recap Huntress researchers take a tour through the dark web, from innovative threat actor marketing techniques to cybercrime drama on BreachForums. 2025-08-27T05:00:00Z https://www.huntress.com/blog/google-gemini-phishing-risks https://www.huntress.com/blog/google-gemini-phishing-risks Hackers are using Google Gemini's email summaries to sneak in phishing attacks without links or attachments. 2025-08-26T15:00:00Z https://www.huntress.com/blog/huntress-top-ten-decade-in-cybersecurity https://www.huntress.com/blog/huntress-top-ten-decade-in-cybersecurity Celebrate 10 years of wrecking hackers! See how Huntress has evolved and elevated in an ever-changing cybersecurity landscape, shaped by key milestones and critical lessons. 2025-08-25T05:00:00Z https://www.huntress.com/blog/cephalus-ransomware https://www.huntress.com/blog/cephalus-ransomware In mid-August, Huntress saw two incidents that linked back to a ransomware variant called Cephalus, which included DLL sideloading via a legitimate SentinelOne executable. 2025-08-21T21:00:00Z https://www.huntress.com/blog/exposing-data-exfiltration-lolbin-ttp-binaries https://www.huntress.com/blog/exposing-data-exfiltration-lolbin-ttp-binaries Threat actors often steal data during the course of their attacks. This is particularly true for ransomware threat actors, who do it before deploying file encryption in order to engage in “double extortion” activities. This activity can be difficult to detect, particularly if it’s not dissimilar to legitimate actions taken by system administrators. 2025-08-19T14:00:00Z https://www.huntress.com/blog/data-breach-statistics https://www.huntress.com/blog/data-breach-statistics Learn the top data breach statistics of the last several years and learn about common causes, how they vary by industry, and future trends. 2025-08-15T16:00:00Z https://www.huntress.com/blog/kawalocker-ransomware-deployed https://www.huntress.com/blog/kawalocker-ransomware-deployed Thanks in large part to our customer base, Huntress sees a great deal of interesting activity, particularly from threat actors (but also from admins). Part of that activity includes not just ransomware variants that Huntress hasn’t seen before, but also variants that may not have been documented via any public means. Further, when these incidents occur, Huntress very often gets a detailed look at the threat actor’s activity, including commands and their timing. 2025-08-14T05:00:00Z https://www.huntress.com/blog/exploitation-of-sonicwall-vpn https://www.huntress.com/blog/exploitation-of-sonicwall-vpn A likely zero-day vulnerability in SonicWall VPNs is being actively exploited to bypass MFA and deploy ransomware. Huntress advises disabling the VPN service immediately or severely restricting access via IP allow-listing. We're seeing threat actors pivot directly to domain controllers within hours of the initial breach. 2025-08-13T22:00:00Z https://www.huntress.com/blog/exploitation-of-sonicwall-vpn https://www.huntress.com/blog/exploitation-of-sonicwall-vpn A likely zero-day vulnerability in SonicWall VPNs is being actively exploited to bypass MFA and deploy ransomware. Huntress advises disabling the VPN service immediately or severely restricting access via IP allow-listing. We're seeing threat actors pivot directly to domain controllers within hours of the initial breach. 2025-08-13T22:00:00Z https://www.huntress.com/blog/navigating-cmmc-compliance-in-2025-how-huntress-helps https://www.huntress.com/blog/navigating-cmmc-compliance-in-2025-how-huntress-helps See how Huntress fits into the updated 2024 CMMC framework. Explore how Sensitive Data Mode helps safeguard CUI and support compliance. 2025-08-13T13:00:00Z https://www.huntress.com/blog/hollywood-hacking-scenes-we-loved-tradecraft-tuesday-recap https://www.huntress.com/blog/hollywood-hacking-scenes-we-loved-tradecraft-tuesday-recap From The Social Network to The Matrix Reloaded, we break down the top hacking movie and TV show scenes that made us applaud (and cringe). 2025-08-11T15:00:00Z https://www.huntress.com/blog/identify-recruiting-scams-and-how-huntress-fights-back https://www.huntress.com/blog/identify-recruiting-scams-and-how-huntress-fights-back Recruitment scams are on the rise. Learn how to identify common scams and discover how Huntress is actively working to protect job seekers from fraudulent offers and identity theft. 2025-08-05T04:00:00Z https://www.huntress.com/blog/why-old-ransomware-playbooks-never-die https://www.huntress.com/blog/why-old-ransomware-playbooks-never-die When a clearly commented script revealed an attacker's tactics, Huntress prevented encryption. Read on to learn more about the evolution of recycled ransomware playbooks used by multiple threat actors. 2025-07-31T04:00:00Z https://www.huntress.com/blog/intrusion-analysis-methodology https://www.huntress.com/blog/intrusion-analysis-methodology Transform raw Windows event data into actionable insights. Learn expert methodologies for intrusion analysis, authentication events, credential dumping, and RDP activity to stay ahead of threats. 2025-07-30T04:00:00Z https://www.huntress.com/blog/crux-ransomware https://www.huntress.com/blog/crux-ransomware Huntress has observed a new ransomware variant, Crux, being used in multiple incidents. 2025-07-18T04:00:00Z https://www.huntress.com/blog/the-case-for-sigparser https://www.huntress.com/blog/the-case-for-sigparser Court is in session! In this blog post, we examine the use of a legitimate Microsoft 365 application called “SigParser” identified during an identity compromise. How are OAuth apps used during identity intrusions? Find out here! 2025-07-18T04:00:00Z https://www.huntress.com/blog/cybercrime-trends https://www.huntress.com/blog/cybercrime-trends Learn top cybercrime trends from Huntress’ 2025 survey of more than 500 American IT professionals. Plus, learn tips for improving your cybersecurity. 2025-07-17T14:00:00Z https://www.huntress.com/blog/rmm-gateway-for-bulk-attacks-on-msp-customers-part-2 https://www.huntress.com/blog/rmm-gateway-for-bulk-attacks-on-msp-customers-part-2 When a threat actor exploited an MSP's RMM tool to target businesses, Huntress investigated and uncovered another eerily similar incident with key differences that reveal evolving tactics 2025-07-17T05:00:00Z https://www.huntress.com/blog/huntress-microsoft-collaborate-to-boost-business-security https://www.huntress.com/blog/huntress-microsoft-collaborate-to-boost-business-security Huntress is collaborating with Microsoft to help your business get the most out of your Microsoft security investments. 2025-07-14T05:00:00Z https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild https://www.huntress.com/blog/wing-ftp-server-remote-code-execution-cve-2025-47812-exploited-in-wild Huntress discovered active exploitation of Wing FTP Server RCE (CVE-2025-47812). Learn more about the injection flaw, attack timeline, forensic artifacts, and how to protect your organization. 2025-07-10T05:00:00Z https://www.huntress.com/blog/huntress-top-cyber-hygiene-tips https://www.huntress.com/blog/huntress-top-cyber-hygiene-tips Secure your systems with these essential cyber hygiene tips, from using MFA to patching software and spotting phishing scams. Stay safe. Stay updated. 2025-07-08T05:00:00Z https://www.huntress.com/blog/remote-monitoring-management-tools-gateway-for-attacks-on-msp-pt-1 https://www.huntress.com/blog/remote-monitoring-management-tools-gateway-for-attacks-on-msp-pt-1 Four years after the Kaseya supply chain attack, a recent incident shows how threat actors still successfully target MSPs’ downstream customers through RMM software. 2025-07-02T05:00:00Z https://www.huntress.com/blog/openai-court-order-cybersecurity-privacy https://www.huntress.com/blog/openai-court-order-cybersecurity-privacy Learn what the OpenAI lawsuit and court order mean for data privacy, cybersecurity, and the future of AI innovation. 2025-07-01T15:00:00Z https://www.huntress.com/blog/ai-friend-faux-tradecraft-tuesday-recap https://www.huntress.com/blog/ai-friend-faux-tradecraft-tuesday-recap Is AI in cybersecurity a tool for defenders or the attackers? Find out in our recap of Huntress’ June Tradecraft Tuesday, where we break it down. 2025-06-30T05:00:00Z https://www.huntress.com/blog/recutting-the-kerberos-diamond-ticket https://www.huntress.com/blog/recutting-the-kerberos-diamond-ticket Clear up common misconceptions about the Kerberos Diamond Ticket and learn how to refine the technique for better OPSEC, including more realistic PAC details and support for service tickets. You’ll learn how to apply the idea securely to both Ticket Granting Tickets and Service Tickets, creating forgeries that blend in more effectively with legitimate Kerberos traffic. The result is a stealthier alternative to traditional Silver Tickets and a more convincing method that raises the bar for Kerberos forgeries. 2025-06-25T05:00:00Z https://www.huntress.com/blog/managed-itdr-supports-ad-synced-identity-disablement https://www.huntress.com/blog/managed-itdr-supports-ad-synced-identity-disablement Huntress Managed ITDR closes the gap with AD-synchronized identity disablement. Secure identities on-prem and in the cloud with this powerful update. 2025-06-24T05:00:00Z https://www.huntress.com/blog/cybersecurity-leadership-insights https://www.huntress.com/blog/cybersecurity-leadership-insights Learn cybersecurity leadership insights on developing elite cybersecurity teams from a seasoned NSA, NASA, and Huntress leader. Learn to hire, retain, and prevent burnout with impactful team growth and success strategies. 2025-06-20T05:00:00Z https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysis https://www.huntress.com/blog/inside-bluenoroff-web3-intrusion-analysis Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report. 2025-06-18T05:00:00Z https://www.huntress.com/blog/how-proactive-account-review-uncovered-unauthorized-surveillance-tools https://www.huntress.com/blog/how-proactive-account-review-uncovered-unauthorized-surveillance-tools A routine account review revealed the use of productivity monitoring tools in a medical clinic, highlighting the hidden risks associated with employee monitoring software. Learn the importance of proactive audits in protecting critical systems and sensitive data from potential threats. 2025-06-17T05:00:00Z https://www.huntress.com/blog/introducing-behavior-based-assignments https://www.huntress.com/blog/introducing-behavior-based-assignments Manage human risk by turning real-world incidents into teachable moments with Behavior-Based Assignments. This new feature integrates with Managed EDR and Managed ITDR to provide targeted security awareness training. 2025-06-16T05:00:00Z https://www.huntress.com/blog/cybersecurity-statistics https://www.huntress.com/blog/cybersecurity-statistics Uncover top cybercrime trends, data breaches, and essential workforce insights to bolster your defenses with this comprehensive roundup of cybersecurity statistics. 2025-06-12T13:00:00Z https://www.huntress.com/blog/how-huntress-addresses-lateral-movement https://www.huntress.com/blog/how-huntress-addresses-lateral-movement Huntress Managed EDR tackles lateral movement, a common attack tactic, with a layered approach to telemetry collection and detection. Read on to learn how we identify malicious activity while minimizing false positives. 2025-06-12T05:00:00Z https://www.huntress.com/blog/threat-coverage-on-macs-with-xprotect-microsoft-defender-for-endpoint https://www.huntress.com/blog/threat-coverage-on-macs-with-xprotect-microsoft-defender-for-endpoint Enhance Mac security with Huntress Managed EDR's new coverage for Apple XProtect and Microsoft Defender for Endpoint. Learn how we can protect your macOS. 2025-06-11T05:00:00Z https://www.huntress.com/blog/introducing-threat-simulator-from-huntress-managed-sat https://www.huntress.com/blog/introducing-threat-simulator-from-huntress-managed-sat Boost employee security awareness with Threat Simulator from Huntress Managed SAT. It features hands-on training, game-like sessions, and real results. Start your free trial today. 2025-06-10T05:00:00Z https://www.huntress.com/blog/boring-isnt-harmless-risks-behind-common-cyberattack-tradecraft https://www.huntress.com/blog/boring-isnt-harmless-risks-behind-common-cyberattack-tradecraft Don’t underestimate basic attacker tradecraft tactics. Learn how common cybersecurity tradecraft succeeds and get practical tips from the Huntress SOC to shut it down. 2025-06-05T05:00:00Z https://www.huntress.com/blog/infostealers-crash-course-tradecraft-tuesday-recap https://www.huntress.com/blog/infostealers-crash-course-tradecraft-tuesday-recap Cybercriminals are sitting on a pile of stolen credentials, financial information, and sensitive data, thanks to the success of infostealers. Read more to learn how infostealers have grown to become a scourge to defenders, and how businesses can protect themselves. 2025-06-03T05:00:00Z https://www.huntress.com/blog/advanced-intrusion-targeting-executive-at-critical-marketing-research-company https://www.huntress.com/blog/advanced-intrusion-targeting-executive-at-critical-marketing-research-company An intrusion at a market research company used living-off-the-land techniques, but Huntress detected and mitigated the threat, uncovering tactics like service creation and registry manipulation. Learn more and get detection guidance and mitigation strategies. 2025-05-27T05:00:00Z https://www.huntress.com/blog/defendnot-detecting-malicious-security-product-bypass-techniques https://www.huntress.com/blog/defendnot-detecting-malicious-security-product-bypass-techniques "defendnot" bypasses Windows Defender using undocumented APIs. Learn detection strategies and robust defenses against this sophisticated evasion technique. 2025-05-23T05:00:00Z https://www.huntress.com/blog/incident-response-planning-basics https://www.huntress.com/blog/incident-response-planning-basics Every business is unique, and your incident response plan should be too. Learn why having a tailored plan is crucial for staying prepared and minimizing risk. 2025-05-21T05:00:00Z https://www.huntress.com/blog/identity-threats-in-cybersecurity https://www.huntress.com/blog/identity-threats-in-cybersecurity Why Huntress’ 2025 Managed ITDR Report should be required reading for every security team. 2025-05-20T05:00:00Z https://www.huntress.com/blog/breaking-down-ransomware-attacks-and-how-to-stay-ahead https://www.huntress.com/blog/breaking-down-ransomware-attacks-and-how-to-stay-ahead Break down how a ransomware attack works. Why ransomware is on the side, and how Huntress helps you stay protected. 2025-05-15T05:00:00Z https://www.huntress.com/blog/huntress-new-client-side-api-brings-endpoint-clarity https://www.huntress.com/blog/huntress-new-client-side-api-brings-endpoint-clarity Get to know Huntress' new client-side API for EDR, which enables real-time agent health checks and simplifies endpoint management. With instant “healthy” or “unhealthy” status updates, you can ensure your security is running smoothly. 2025-05-14T05:00:00Z https://www.huntress.com/blog/for-ransomware-time-to-ransom-is-money https://www.huntress.com/blog/for-ransomware-time-to-ransom-is-money During ransomware attacks, the average time-to-ransom for attackers is almost 17 hours. Learn more about what this means for businesses. 2025-05-13T05:00:00Z https://www.huntress.com/blog/post-exploitation-activities-observed-from-samsung-magicinfo-9-server-flaw https://www.huntress.com/blog/post-exploitation-activities-observed-from-samsung-magicinfo-9-server-flaw Huntress has verified that attackers are exploiting flaws in Samsung MagicINFO 9 Server (version 21.1050.0). Understand why MagicINFO 9 Server shouldn’t be internet-facing until a patch is available and applied. 2025-05-09T05:00:00Z https://www.huntress.com/blog/utilizing-asns-for-hunting-and-response https://www.huntress.com/blog/utilizing-asns-for-hunting-and-response Autonomous system numbers are like the address book of the internet, and not every IP address belongs to a “friendly” address. Learn more about how the Huntress Hunt & Response teams utilize ASNs. 2025-05-08T05:00:00Z https://www.huntress.com/blog/rapid-response-samsung-magicinfo9-server-flaw https://www.huntress.com/blog/rapid-response-samsung-magicinfo9-server-flaw Huntress has verified Samsung’s MagicINFO 9 Server (version 21.1050.0) is vulnerable to a publicly available proof-of-concept (PoC). Understand why MagicINFO 9 Server shouldn’t be internet-facing until a patch is applied. 2025-05-07T05:00:00Z https://www.huntress.com/blog/do-tigers-really-change-their-stripes https://www.huntress.com/blog/do-tigers-really-change-their-stripes Across the larger cybersecurity community, an often-used adage is that “threat actors always change their tactics.” However, when we really start to look at and track incident data, we begin to see that while some changes may be necessitated based on infrastructures and other challenges the threat actor may encounter, there are times when tactics remain consistent across incidents. Recent investigations into exploitation activity for CVE-2025-31151 and CVE-2025-30406 show similar TTPs across different incidents. 2025-05-06T05:00:00Z https://www.huntress.com/blog/most-common-cyberattacks https://www.huntress.com/blog/most-common-cyberattacks Learn about some of the most common cyberattacks, how threat actors access computers and networks, and how to lower future risks. 2025-05-02T13:00:00Z https://www.huntress.com/blog/applying-criminal-justice-principles-to-detection-engineering https://www.huntress.com/blog/applying-criminal-justice-principles-to-detection-engineering Explore how criminal justice principles can improve detection engineering by distinguishing true threats from false positives. And learn how concepts like burden of proof and intent enhance cybersecurity defense strategies. 2025-05-01T05:00:00Z https://www.huntress.com/blog/what-is-business-email-compromise-bec https://www.huntress.com/blog/what-is-business-email-compromise-bec A business email compromise (BEC) attack is a type of scam where bad actors impersonate a trusted source to obtain information from their targeted individual. 2025-04-30T22:00:00Z https://www.huntress.com/blog/minutes-matter-huntress-managed-siem-makes-them-count https://www.huntress.com/blog/minutes-matter-huntress-managed-siem-makes-them-count Huntress Managed SIEM makes threat detection and response faster and more accessible. Learn about new features, real-world success stories, and how it enhances cybersecurity and compliance. 2025-04-29T05:00:00Z https://www.huntress.com/blog/protect-against-identity-threats-with-managed-itdr-and-rogue-apps https://www.huntress.com/blog/protect-against-identity-threats-with-managed-itdr-and-rogue-apps Huntress Managed ITDR with Rogue Apps proactively protects against identity threats, including malicious OAuth apps. Learn about the surge in identity-based attacks and how to defend your business effectively. 2025-04-28T05:00:00Z https://www.huntress.com/blog/how-to-stop-malware-attacks-with-security-first-culture https://www.huntress.com/blog/how-to-stop-malware-attacks-with-security-first-culture Protect your business from malware attacks by fostering a security-first culture. Learn how to defend against cyber threats, establish strategies, and train employees to spot malware before it strikes. 2025-04-24T05:00:00Z https://www.huntress.com/blog/credential-theft-expanding-your-reach-pt-2 https://www.huntress.com/blog/credential-theft-expanding-your-reach-pt-2 As with many tactics within the MITRE ATT&CK framework, credential theft consists of a number of different techniques. Showing what many of them look like on an endpoint helps other security professionals understand what to look for and how to detect and respond to similar activity. 2025-04-24T05:00:00Z https://www.huntress.com/blog/say-hello-to-mac-malware-a-tradecraft-tuesday-recap https://www.huntress.com/blog/say-hello-to-mac-malware-a-tradecraft-tuesday-recap In this month’s Tradecraft Tuesday, we talked about how threat actors are finetuning their macOS malware in order to maintain persistent access and avoid detection by Apple’s security features. 2025-04-22T05:00:00Z https://www.huntress.com/blog/tales-of-too-many-rmms https://www.huntress.com/blog/tales-of-too-many-rmms In a highly interconnected world, remote monitoring and management (RMM) tools are critical to reducing cost and increasing efficiencies. However, these tools pose challenges and even significant risk if not properly managed. 2025-04-17T05:00:00Z https://www.huntress.com/blog/why-app-allowlisting-and-zero-trust-solutions-alone-wont-save-you https://www.huntress.com/blog/why-app-allowlisting-and-zero-trust-solutions-alone-wont-save-you App Allowlisting is a good preventative software tool, but it's not enough. Learn why a layered security approach with detection and response is crucial to protect against today's cyber threats. 2025-04-16T05:00:00Z https://www.huntress.com/blog/cve-2025-30406-critical-gladinet-centrestack-triofox-vulnerability-exploited-in-the-wild https://www.huntress.com/blog/cve-2025-30406-critical-gladinet-centrestack-triofox-vulnerability-exploited-in-the-wild Huntress has observed in the wild exploitation against CVE-2025-30406, a weakness due to hardcoded cryptographic keys. 2025-04-14T05:00:00Z https://www.huntress.com/blog/brute-force-or-something-more-ransomware-initial-access-brokers-exposed https://www.huntress.com/blog/brute-force-or-something-more-ransomware-initial-access-brokers-exposed Discover how a seemingly simple brute force attack led to the uncovering of a suspected ransomware-as-a-service operation. This ecosystem appears to be leveraged by initial access brokers, driving an illicit and complex network of cybercrime. 2025-04-10T05:00:00Z https://www.huntress.com/blog/identities-are-the-new-perimeter-endpoints-are-only-the-beginning https://www.huntress.com/blog/identities-are-the-new-perimeter-endpoints-are-only-the-beginning Threat actors are now exploiting both endpoints and identities in the latest cyberattacks. Learn about the rise of identity-based threats and why a combined EDR and ITDR approach is crucial for your cybersecurity. 2025-04-09T05:00:00Z https://www.huntress.com/blog/credential-theft-expanding-your-reach https://www.huntress.com/blog/credential-theft-expanding-your-reach What is credential theft? Learn how threat actors use phishing, brute force, and tools like Mimikatz or Registry hive dumps to gain initial access and move laterally. 2025-04-08T05:00:00Z https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation https://www.huntress.com/blog/crushftp-cve-2025-31161-auth-bypass-and-post-exploitation Huntress observed in-the-wild exploitation of CVE-2025-31161, an authentication bypass vulnerability in versions of CrushFTP and further post-exploitation leveraging MeshCentral and other malware. 2025-04-04T05:00:00Z https://www.huntress.com/blog/cyber-hygiene-attacks-prevention https://www.huntress.com/blog/cyber-hygiene-attacks-prevention Poor credential hygiene and misconfigurations give hackers an easy way in. See real-world cyber hygiene failures, how attackers exploit them, and how Managed EDR stops them cold. 2025-04-04T05:00:00Z https://www.huntress.com/blog/the-unwanted-guest https://www.huntress.com/blog/the-unwanted-guest Threat actors are enabling the built-in Windows Guest account to maintain persistence. Learn how they gain access and how to detect this activity. 2025-04-02T05:00:00Z https://www.huntress.com/blog/scalable-edr-advanced-agent-analytics-with-clickhouse https://www.huntress.com/blog/scalable-edr-advanced-agent-analytics-with-clickhouse Learn how and why Huntress uses ClickHouse for scalable EDR agent analytics, ensuring availability and stability for millions of endpoints while maintaining cost efficiency. 2025-04-01T05:00:00Z https://www.huntress.com/blog/neglecting-cybersecurity-can-save-you-money-now https://www.huntress.com/blog/neglecting-cybersecurity-can-save-you-money-now Doing nothing now can cost your business more than money. Learn why proactive cybersecurity steps keep your business resilient and save costs in the long term. 2025-03-31T05:00:00Z https://www.huntress.com/blog/locking-down-common-endpoint-vulnerabilities https://www.huntress.com/blog/locking-down-common-endpoint-vulnerabilities Learn how to lock down common endpoint vulnerabilities like weak passwords and unpatched software to secure your systems against threats like phishing and malware. 2025-03-28T05:00:00Z https://www.huntress.com/blog/making-a-hackers-do-not-engage-list https://www.huntress.com/blog/making-a-hackers-do-not-engage-list When Celestial Stealer runs in the wild, it looks for Huntress’ own Jai Minton as a potential threat, and this shuts down the infostealer operation if his name is detected. 2025-03-24T05:00:00Z https://www.huntress.com/blog/untold-tales-from-tactical-response https://www.huntress.com/blog/untold-tales-from-tactical-response Explore the inner workings of real-world cyberattacks and gain insight into the challenges faced by Huntress threat analysts. Discover the critical role of investigative techniques and their importance in uncovering and addressing these threats. 2025-03-10T00:00:00Z https://www.huntress.com/blog/remote-work-security-best-practices https://www.huntress.com/blog/remote-work-security-best-practices New data shows cybersecurity professionals are confident about their remote work safety. See the findings, plus security best practices for remote and hybrid work. 2025-03-07T19:07:02Z https://www.huntress.com/blog/how-to-detect-and-eliminate-persistent-malware-before-it-wreaks-havoc https://www.huntress.com/blog/how-to-detect-and-eliminate-persistent-malware-before-it-wreaks-havoc Stopping malware isn’t about catching one-off alerts. It’s about finding and shutting down the persistence that keeps them in your systems. Here’s how Huntress found, fought, and drop-kicked malware that others missed. 2025-03-07T00:00:00Z https://www.huntress.com/blog/how-huntress-achieved-a-blazing-fast-mttr-and-why-it-matters https://www.huntress.com/blog/how-huntress-achieved-a-blazing-fast-mttr-and-why-it-matters The Huntress SOC has an average response time of 8 minutes. That means we can investigate threats, send incident reports, and resolve alerts in record time, shutting down attackers before they have a chance to act. 2025-03-06T00:00:00Z https://www.huntress.com/blog/infographic-uncover-tomorrows-cyber-threats-today https://www.huntress.com/blog/infographic-uncover-tomorrows-cyber-threats-today Explore 2024's top cyber threats, including ransomware trends, advanced phishing tactics, and targeted industries. Stay ahead—download the Huntress 2025 Cyber Threat Report now! 2025-03-04T00:00:00Z https://www.huntress.com/blog/cybersecurity-threats-in-healthcare https://www.huntress.com/blog/cybersecurity-threats-in-healthcare These are the top cybersecurity threats in healthcare, according to Huntress’s 2025 survey of IT pros. Read the full report and learn how to avoid them. 2025-03-04T00:00:00Z https://www.huntress.com/blog/the-hunt-for-redcurl-2 https://www.huntress.com/blog/the-hunt-for-redcurl-2 Huntress discovered RedCurl activity across several organizations in Canada going back to 2023. Learn more about how this APT operates and how they aim to remain undetected while exfiltrating sensitive data. 2025-03-03T15:55:35Z https://www.huntress.com/blog/the-wall-street-journal-says-sat-programs-do-more-harm-than-good-are-they-right https://www.huntress.com/blog/the-wall-street-journal-says-sat-programs-do-more-harm-than-good-are-they-right Discover how modernized security awareness training can transform your workforce into a cybersecurity-first culture. Learn Huntress' key strategies. 2025-02-27T00:00:00Z https://www.huntress.com/blog/huntress-2025-cyber-threat-report-proliferating-rats-evolving-ransomware-and-other-findings https://www.huntress.com/blog/huntress-2025-cyber-threat-report-proliferating-rats-evolving-ransomware-and-other-findings Huntress’ 2025 Cyber Threat Report is here! Explore the year's biggest threats—RATs, phishing, ransomware—and how evolving tactics demand smarter defense. 2025-02-11T00:00:00Z https://www.huntress.com/blog/never-just-one-termite-6-months-of-researching-oauth-application-attacks https://www.huntress.com/blog/never-just-one-termite-6-months-of-researching-oauth-application-attacks There’s never just one termite. Huntress has spent the last 6 months researching and cracking down on malicious OAuth applications. Read about what we’ve found in this blog! 2025-02-10T00:00:00Z https://www.huntress.com/blog/oh-auth-2-0-device-code-phishing-in-google-cloud-and-azure https://www.huntress.com/blog/oh-auth-2-0-device-code-phishing-in-google-cloud-and-azure All OAuth 2.0 implementations are equal. Some are just more equal than others. This blog covers device code phishing and compares OAuth implementations between Google and Azure. Does OAuth implementation impact the efficacy of hacker tradecraft? Find out here! 2025-02-06T00:00:00Z https://www.huntress.com/blog/cyber-insurance-trends https://www.huntress.com/blog/cyber-insurance-trends Discover the top cyber insurance trends for 2025, plus learn how to choose the right plan for your organization. 2025-02-04T00:00:00Z https://www.huntress.com/blog/why-every-business-needs-endpoint-protection-in-2025 https://www.huntress.com/blog/why-every-business-needs-endpoint-protection-in-2025 Your endpoints are prime targets for cyberattacks. Learn why protecting them is vital and how endpoint security can shield your business from becoming an easy mark. 2025-01-30T00:00:00Z https://www.huntress.com/blog/perfmon-what-is-it-good-for https://www.huntress.com/blog/perfmon-what-is-it-good-for Explore how Performance Monitor (PerfMon) counters can be used as alternative methods for detecting Kerberos roasting attacks, moving beyond the traditional reliance on Windows Events 4768/4769. 2025-01-23T00:00:00Z https://www.huntress.com/blog/detecting-malicious-use-of-lolbins https://www.huntress.com/blog/detecting-malicious-use-of-lolbins Learn what LOLBins are, threats malicious threat actors can pose, how to detect those threats, and how to prevent them. 2025-01-09T22:12:04Z https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, known as CVE-2024-55956, commonly used to manage file transfers. Read more about this emerging threat on the Huntress Blog. 2025-01-06T21:16:42Z https://www.huntress.com/blog/exploring-package-tracking-smishing-scams https://www.huntress.com/blog/exploring-package-tracking-smishing-scams Smishing (or SMS phishing) is far more frequent during the holidays. Learn to recognize the signs of a smish and how to avoid falling victim to one. 2025-01-02T00:00:00Z https://www.huntress.com/blog/2024-revisiting-a-year-in-threats https://www.huntress.com/blog/2024-revisiting-a-year-in-threats Take a look back at some of the biggest threats we observed and analyzed in 2024. 2024-12-31T00:00:00Z https://www.huntress.com/blog/from-mandates-to-assurance-how-managed-siem-helps-decode-compliance-across-the-globe https://www.huntress.com/blog/from-mandates-to-assurance-how-managed-siem-helps-decode-compliance-across-the-globe Understand how Managed SIEM supports your compliance journey worldwide. 2024-12-26T00:00:00Z https://www.huntress.com/blog/analyzing-initial-access-across-todays-business-environment https://www.huntress.com/blog/analyzing-initial-access-across-todays-business-environment Learn more about the initial access techniques observed by the Huntress SOC and Tactical Response teams! Gain valuable insights to help you protect your environment. 2024-12-19T00:00:00Z https://www.huntress.com/blog/first-do-no-harm-when-and-where-siem-fits-in-healthcare-it-settings https://www.huntress.com/blog/first-do-no-harm-when-and-where-siem-fits-in-healthcare-it-settings Understanding SIEM’s benefits, limitations, and best applications in a strong healthcare security stack 2024-12-18T00:00:00Z https://www.huntress.com/blog/mommy-does-santa-like-nordvpn https://www.huntress.com/blog/mommy-does-santa-like-nordvpn Huntress Managed ITDR uncovers risks behind popular VPNs and proxies like NordVPN, Mullvad, and more—helping you steer clear of hackers this holiday season. 2024-12-16T00:00:00Z https://www.huntress.com/blog/cleo-software-vulnerability-malware-analysis https://www.huntress.com/blog/cleo-software-vulnerability-malware-analysis Team Huntress has analyzed Cleo's software vulnerability CVE-2024-55956. Take a look at the technical breakdown of a new family of malware we’ve named Malichus. 2024-12-11T00:00:00Z https://www.huntress.com/blog/2024-wrapped-huntress-managed-sat-edition https://www.huntress.com/blog/2024-wrapped-huntress-managed-sat-edition With 2024 ending, let’s look back at everything new from Huntress Managed SAT this past year. 2024-12-08T00:00:00Z https://www.huntress.com/blog/managed-siem-and-the-art-of-perfecting-cyber-defense https://www.huntress.com/blog/managed-siem-and-the-art-of-perfecting-cyber-defense How Huntress Managed SIEM turns signal recognition into defensive mastery. 2024-12-05T00:00:00Z https://www.huntress.com/blog/trumans-take-a-product-researchers-insights-on-managed-learning https://www.huntress.com/blog/trumans-take-a-product-researchers-insights-on-managed-learning In this new blog series, we’ll explore the managed episodes from Huntress Managed SAT, dive into the topics, and gain insight into why these episodes are relevant right now. 2024-12-02T00:00:00Z https://www.huntress.com/blog/know-thy-enemy-a-novel-november-case-on-persistent-remote-access https://www.huntress.com/blog/know-thy-enemy-a-novel-november-case-on-persistent-remote-access In this blog, Huntress SOC investigators unravel the lateral movement and persistence of an interesting threat actor and their novel infrastructure 2024-11-25T00:00:00Z https://www.huntress.com/blog/you-can-run-but-you-cant-hide-defender-exclusions https://www.huntress.com/blog/you-can-run-but-you-cant-hide-defender-exclusions Understand Windows Defender AntiVirus exclusions and how adversaries might leverage this capability to bypass scans. 2024-11-21T00:00:00Z https://www.huntress.com/blog/make-your-microsoft-security-tools-come-to-life-with-huntress https://www.huntress.com/blog/make-your-microsoft-security-tools-come-to-life-with-huntress Huntress joins the Microsoft Intelligent Security Association to enhance Microsoft tools for SMBs, delivering stronger defenses against today’s most advanced cyber threats. 2024-11-19T00:00:00Z https://www.huntress.com/blog/silencing-the-edr-silencers https://www.huntress.com/blog/silencing-the-edr-silencers Discover how adversaries are using tools like EDRSilencer to tamper with EDR communications and learn how you can fight back. 2024-11-18T14:37:44Z https://www.huntress.com/blog/to-mfa-or-not-to-mfa-how-multi-factor-authentication-saves-the-smb https://www.huntress.com/blog/to-mfa-or-not-to-mfa-how-multi-factor-authentication-saves-the-smb MFA could be the thing that stops your payroll money from disappearing in a wire transaction. So why do we treat it as an optional inconvenience? 2024-11-18T00:00:00Z https://www.huntress.com/blog/its-not-safe-to-pay-safepay https://www.huntress.com/blog/its-not-safe-to-pay-safepay Huntress has observed Akira ransomware affiliates in action, as well as ReadText34 and INC ransomware being deployed. 2024-11-14T00:00:00Z https://www.huntress.com/blog/wtf-is-itdr https://www.huntress.com/blog/wtf-is-itdr ITDR is the latest must-know acronym. But what is it? And why does it matter? Let Huntress break down the essentials of identity threat detection and response, and learn why it’s critical for your defenses. 2024-11-13T00:00:00Z https://www.huntress.com/blog/a-parents-guide-to-securing-childrens-tech-gifts https://www.huntress.com/blog/a-parents-guide-to-securing-childrens-tech-gifts Safeguard holiday tech gifts for kids this season—secure their devices, protect privacy, and build lifelong safety habits. Feat. resources from our exclusive Fireside Chat. 2024-11-13T00:00:00Z https://www.huntress.com/blog/turning-ttps-into-ctf-challenges-huntress-ctf-2024-retro https://www.huntress.com/blog/turning-ttps-into-ctf-challenges-huntress-ctf-2024-retro Explore the highlights of Huntress Capture the Flag 2024, where teams cracked complex cyber challenges in a month-long journey of reverse engineering and malware analysis. 2024-11-12T00:00:00Z https://www.huntress.com/blog/lead-the-pack-with-sat-leaderboards https://www.huntress.com/blog/lead-the-pack-with-sat-leaderboards Leaderboards and Manager Notifications are the new way to motivate learners and track progress in Huntress Managed SAT. 2024-11-07T00:00:00Z https://www.huntress.com/blog/wake-up-call-for-healthcare-cybersecurity https://www.huntress.com/blog/wake-up-call-for-healthcare-cybersecurity Discover how the Health Infrastructure Security and Accountability Act aims to enforce stricter cybersecurity standards across the healthcare sector. 2024-11-06T06:00:00Z https://www.huntress.com/blog/the-evolution-of-the-huntress-neighborhood-watch-program https://www.huntress.com/blog/the-evolution-of-the-huntress-neighborhood-watch-program Explore how the Huntress Neighborhood Watch Program has grown and how it empowers MSPs with Managed ITDR, Managed EDR, and more. 2024-11-05T19:57:41Z https://www.huntress.com/blog/protect-yourself-from-political-donation-scams https://www.huntress.com/blog/protect-yourself-from-political-donation-scams Don’t let fraud disrupt your civic duty. Learn how to spot and avoid political donation scams that target voters through robocalls, fake websites, and deepfakes. 2024-10-24T00:00:00Z https://www.huntress.com/blog/ask-the-mac-guy-whats-the-deal-with-full-disk-access https://www.huntress.com/blog/ask-the-mac-guy-whats-the-deal-with-full-disk-access Learn about the importance of Full Disk Access for Mac, its role in macOS security, and how it affects app performance and functionality. 2024-10-23T18:18:23Z https://www.huntress.com/blog/thank-you-for-helping-us-earn-another-inc-power-partner-award-in-cybersecurity https://www.huntress.com/blog/thank-you-for-helping-us-earn-another-inc-power-partner-award-in-cybersecurity Huntress has earned an Inc. Power Partner Award for 2024. This is our second year receiving this honor, and it’s all due to our partners. 2024-10-22T00:00:00Z https://www.huntress.com/blog/detecting-malicious-use-of-lolbins-pt-ii https://www.huntress.com/blog/detecting-malicious-use-of-lolbins-pt-ii Rhetoric within the cybersecurity community has leaned heavily towards threat actor use of LOLBins as a means of “hiding amongst the noise” of normal, administrative and operational activity. However, as Huntress SOC analysts can attest, this is often far from the case. 2024-10-17T00:00:00Z https://www.huntress.com/blog/unmasking-the-central-villain-inside-adversary-in-the-middle-attacks https://www.huntress.com/blog/unmasking-the-central-villain-inside-adversary-in-the-middle-attacks Discover how Adversary-in-the-Middle attacks silently hijack your sessions, and learn how to spot and prevent AiTM with tips from the experts at Huntress. 2024-10-15T00:00:00Z https://www.huntress.com/blog/what-is-behavioral-analysis-in-cybersecurity https://www.huntress.com/blog/what-is-behavioral-analysis-in-cybersecurity Behavioral analysis is one of the most powerful ways to hunt down attackers. However, it’s a somewhat misunderstood element—it’s the human element that catches what AI and systems miss. Let’s uncover it and figure out where and how it fits in. 2024-10-10T00:00:00Z https://www.huntress.com/blog/prevent-business-email-compromise-attacks https://www.huntress.com/blog/prevent-business-email-compromise-attacks Learn how to prevent business email compromise attacks and learn how to communicate this emerging cyber threat to your employees. 2024-10-08T05:00:00Z https://www.huntress.com/blog/top-3-cybersecurity-threats-of-2024-so-far-what-you-need-to-know https://www.huntress.com/blog/top-3-cybersecurity-threats-of-2024-so-far-what-you-need-to-know Get to know 2024’s three biggest cyber threats—RMM abuse, BYOVD attacks, and WebDAV abuse—and learn how to defend your business from these rising risks. 2024-10-08T00:00:00Z https://www.huntress.com/blog/nerc-cip-training-requirements https://www.huntress.com/blog/nerc-cip-training-requirements Learn about the NERC CIP training requirements for NERC CIP-004 R2 in the Huntress Blog. Understand what you must do to stay compliant and what auditors will review. 2024-10-07T19:02:00Z https://www.huntress.com/blog/nerc-cip-014-standard-explained https://www.huntress.com/blog/nerc-cip-014-standard-explained Huntress explains the NERC CIP-014 standard, why it was created, and how it increases the physical security of electric utilities across North America. 2024-10-07T18:41:00Z https://www.huntress.com/blog/what-is-the-trigger-event-for-implementing-security-awareness-training https://www.huntress.com/blog/what-is-the-trigger-event-for-implementing-security-awareness-training Discover the key triggers for implementing effective security awareness training in your organization. Learn how to enhance employee vigilance, reduce security risks, and foster a culture of cybersecurity awareness by visiting the Huntress Blog. 2024-10-07T06:00:00Z https://www.huntress.com/blog/hunting-for-m365-password-spraying https://www.huntress.com/blog/hunting-for-m365-password-spraying Join Huntress Threat Hunters as they unpack the password-spraying techniques of threat actors, exposing how they target everything from small businesses to giants like Microsoft. 2024-10-03T00:00:00Z https://www.huntress.com/blog/one-order-of-tips-tricks-hot-takes-for-cybersecurity-awareness-month-2024 https://www.huntress.com/blog/one-order-of-tips-tricks-hot-takes-for-cybersecurity-awareness-month-2024 Our hottest security tips, tricks, and opinions to kick this Cybersecurity Awareness Month off right. 2024-10-01T00:00:00Z https://www.huntress.com/blog/friendly-reminder-sat-can-be-enjoyable https://www.huntress.com/blog/friendly-reminder-sat-can-be-enjoyable Huntress made security awareness training (SAT) engaging, relatable, and enjoyable with Managed SAT. Instead of long, dull training sessions, you gain animated, story-based episodes that captivate your learners and improve your organization’s security posture. 2024-09-26T00:00:00Z https://www.huntress.com/blog/unlocking-siem-the-role-of-smart-filtering https://www.huntress.com/blog/unlocking-siem-the-role-of-smart-filtering Learn how our Smart Filtering Engine changes the game on how you view log data ingestion and management. 2024-09-25T00:00:00Z https://www.huntress.com/blog/readtext34-ransomware-incident https://www.huntress.com/blog/readtext34-ransomware-incident Huntress analysts see a number of attacks on a daily and weekly basis, some of which include ransomware attacks. Now and again, Huntress analysts will observe a ransomware attack that stands out in some novel manner. 2024-09-22T16:48:35Z https://www.huntress.com/blog/akira-ransomware-indicators https://www.huntress.com/blog/akira-ransomware-indicators Tracking various indicators associated with different attacks, Huntress analysts have been able to identify specific indicators (threat actor workstation names, passwords associated with new user account creation or current account modification, CloudFlare tunnel tokens) that are associated with Akira ransomware infections. By detecting these indicators much earlier in the attack chain, organizations can inhibit or even obviate file encryption malware deployment. 2024-09-20T00:00:00Z https://www.huntress.com/blog/making-sense-of-alphabet-soup-16-security-terms-and-acronyms-you-should-know https://www.huntress.com/blog/making-sense-of-alphabet-soup-16-security-terms-and-acronyms-you-should-know Read up on the key cybersecurity terms and acronyms every security professional should know and understand. 2024-09-18T18:32:35Z https://www.huntress.com/blog/the-state-of-the-dark-web https://www.huntress.com/blog/the-state-of-the-dark-web Grab some popcorn and hold onto your seats: we’re headed back to the dark web. 2024-09-18T18:25:29Z https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software https://www.huntress.com/blog/cracks-in-the-foundation-intrusions-of-foundation-accounting-software Threat actors have been successful in gaining entry using accounting software commonly used by construction companies. 2024-09-17T00:00:00Z https://www.huntress.com/blog/the-top-3-cyber-challenges-for-mid-market-businesses https://www.huntress.com/blog/the-top-3-cyber-challenges-for-mid-market-businesses Uncover top cyber challenges for mid-sized businesses in 2023; from lack of time and skills, human vulnerabilities, and budget constraints. 2024-09-16T17:49:30Z https://www.huntress.com/blog/are-biometrics-the-unsung-hero-or-the-ultimate-villain-in-cybersecurity https://www.huntress.com/blog/are-biometrics-the-unsung-hero-or-the-ultimate-villain-in-cybersecurity Biometrics: the hero and villain of cybersecurity. Discover how this cutting-edge tech boosts security while posing serious risks. Is it a game-changer or a ticking time bomb? Let’s break it down. 2024-09-15T00:00:00Z https://www.huntress.com/blog/mspcfo-identifying-operational-improvements https://www.huntress.com/blog/mspcfo-identifying-operational-improvements See the research that highlights how MSPs experience reduced time and effort spent on ticket management, cost savings, and boosted efficiency with Huntress. 2024-09-10T05:00:00Z https://www.huntress.com/blog/will-patients-data-ever-be-safe-if-we-let-gpts-into-healthcare https://www.huntress.com/blog/will-patients-data-ever-be-safe-if-we-let-gpts-into-healthcare Are GPTs safe for healthcare? Discover expert opinions on AI’s role in enhancing patient care while ensuring data integrity with Huntress. 2024-09-10T00:00:00Z https://www.huntress.com/blog/youre-the-why-behind-the-huntress-hub https://www.huntress.com/blog/youre-the-why-behind-the-huntress-hub Huntress Hub is here. It’s your all-in-one portal for resources, training, and marketing tools to empower your cybersecurity journey. Simplify workflows, boost productivity, and grow your business with ease. 2024-09-10T00:00:00Z https://www.huntress.com/blog/chaos-to-clarity-how-our-community-helped-transform-siem https://www.huntress.com/blog/chaos-to-clarity-how-our-community-helped-transform-siem Our community’s support drove the development of Huntress Managed SIEM, a groundbreaking solution that simplifies management, cuts through noise, and ensures consistent pricing. 2024-09-05T00:00:00Z https://www.huntress.com/blog/phishing-in-the-fast-lane-the-attackers-eye-view https://www.huntress.com/blog/phishing-in-the-fast-lane-the-attackers-eye-view Join Huntress team members as they walk through some of the most malicious phishing techniques, presented from the attacker's perspective. 2024-09-03T00:00:00Z https://www.huntress.com/blog/advanced-persistent-threat-targeting-vietnamese-human-rights-defenders https://www.huntress.com/blog/advanced-persistent-threat-targeting-vietnamese-human-rights-defenders Huntress identified an intrusion against a non-profit supporting Vietnamese human rights that’s likely spanned years. Jump in as we provide a thorough analysis of this malicious threat actor. 2024-08-28T00:00:00Z https://www.huntress.com/blog/which-states-are-most-at-risk-for-cyberattacks-on-government-and-infrastructure https://www.huntress.com/blog/which-states-are-most-at-risk-for-cyberattacks-on-government-and-infrastructure Cyberattacks on U.S. government and critical infrastructure surged in 2023, with over 420 million global attacks. Learn which states are most affected and discover how Huntress can help protect your organization 2024-08-26T00:00:00Z https://www.huntress.com/blog/remote-work-security-follow-imanis-journey-in-our-latest-huntress-sat-episode https://www.huntress.com/blog/remote-work-security-follow-imanis-journey-in-our-latest-huntress-sat-episode Join Imani on her adventures as she learns how to remain secure in remote work environments with our latest Huntress SAT episode! 2024-08-22T00:00:00Z https://www.huntress.com/blog/unwanted-access-protecting-against-the-growing-threat-of-session-hijacking-and-credential-theft https://www.huntress.com/blog/unwanted-access-protecting-against-the-growing-threat-of-session-hijacking-and-credential-theft Discover how our new Unwanted Access capability strengthens your defenses against session hijacking and credential theft. Dive in and learn how to minimize risks and protect your business-critical assets from evolving cyber threats. 2024-08-21T00:00:00Z https://www.huntress.com/blog/dont-get-your-security-from-your-rmm-provider-the-risks-you-should-know https://www.huntress.com/blog/dont-get-your-security-from-your-rmm-provider-the-risks-you-should-know Here’s why purchasing your cybersecurity products and services through your RMM provider isn’t always the best value. Learn how to avoid common pitfalls and choose more effective EDR and MDR solutions. 2024-08-05T00:00:00Z https://www.huntress.com/blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained https://www.huntress.com/blog/slashandgrab-the-connectwise-screenconnect-vulnerability-explained Huntress gives you a non-technical breakdown of the SlashAndGab ConnectWise ScreenConnect Vulnerability; dig into the insights on how we discovered it and supported the community along the way. 2024-08-03T20:24:06Z https://www.huntress.com/blog/huntress-is-now-a-cve-numbering-authority-but-what-does-that-mean https://www.huntress.com/blog/huntress-is-now-a-cve-numbering-authority-but-what-does-that-mean Huntress is officially a CVE Numbering Authority. Stay tuned as we keep our eye out for new vulnerabilities in cyberspace. 2024-08-01T00:00:00Z https://www.huntress.com/blog/huntress-recognized-with-44-new-g2-leader-badges-for-summer-2024 https://www.huntress.com/blog/huntress-recognized-with-44-new-g2-leader-badges-for-summer-2024 Huntress Managed EDR was featured in 50 unique G2 reports, earning over 44 Leader badges. Learn why we’re retaining our #1 rank for the 9th quarter in a row. 2024-07-30T00:00:00Z https://www.huntress.com/blog/when-trust-becomes-a-trap-how-huntress-foiled-a-medical-software-update-hack https://www.huntress.com/blog/when-trust-becomes-a-trap-how-huntress-foiled-a-medical-software-update-hack Hackers cloned a legitimate medical image viewer site to distribute malware, but thanks to Huntress, the threat was detected in time. Dive into the incident and see how we uncovered the deception and averted disaster. 2024-07-23T00:00:00Z https://www.huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software https://www.huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software Huntress has observed new behaviors in conjunction with the malware SocGholish. Read on to understand the implications of this threat and how you can better protect yourself. 2024-07-17T00:00:00Z https://www.huntress.com/blog/understanding-the-recent-surge-in-cybersecurity-threats-to-dental-practices https://www.huntress.com/blog/understanding-the-recent-surge-in-cybersecurity-threats-to-dental-practices Learn why the FBI recently warned dental practices of potential cyberattacks and discover how Huntress Security Awareness Training can help prevent them. 2024-07-16T06:00:00Z https://www.huntress.com/blog/9-pro-tips-for-better-endpoint-security https://www.huntress.com/blog/9-pro-tips-for-better-endpoint-security Secure endpoints are critical to your cyber defenses. Here’s a list of endpoint security tips every IT and security professional should know. 2024-07-10T00:00:00Z https://www.huntress.com/blog/effective-ways-to-defend-against-cyber-threats-to-critical-infrastructure https://www.huntress.com/blog/effective-ways-to-defend-against-cyber-threats-to-critical-infrastructure Learn about the current state of cyber threats to critical infrastructure and find out how state and local governments can protect against devastating breaches. 2024-07-05T06:00:00Z https://www.huntress.com/blog/hackers-are-hiding-in-plain-sight-insights-from-our-2024-cyber-threat-report https://www.huntress.com/blog/hackers-are-hiding-in-plain-sight-insights-from-our-2024-cyber-threat-report Cybercriminals are now blending into legitimate systems. Huntress’ 2024 Cyber Threat Report reveals the latest unsettling trends and tactics we observed, including the misuse of remote monitoring tools and cloud storage services. 2024-07-02T00:00:00Z https://www.huntress.com/blog/dont-lose-it-how-accidental-or-intentional-data-loss-can-be-equally-debilitating-for-healthcare https://www.huntress.com/blog/dont-lose-it-how-accidental-or-intentional-data-loss-can-be-equally-debilitating-for-healthcare Healthcare must protect sensitive data from accidental equipment loss, data theft, and insider attacks. Learn practical steps and solutions to enhance your security and maintain patient trust. 2024-06-26T00:00:00Z https://www.huntress.com/blog/building-a-culture-of-belonging-the-huntress-way https://www.huntress.com/blog/building-a-culture-of-belonging-the-huntress-way Huntress Chief People Officer Todd Riesterer discusses how we curate a culture of BElonging, built on pillars of humaneness, equity, and diversity. 2024-06-24T15:57:30Z https://www.huntress.com/blog/auto-remediations-save-precious-time-on-low-level-incidents https://www.huntress.com/blog/auto-remediations-save-precious-time-on-low-level-incidents Learn about Huntress' latest feature, Auto-Remediations for Low-severity Incidents, which can help save time by instantly remediating low-severity threats. 2024-06-24T15:13:13Z https://www.huntress.com/blog/dont-fall-for-the-ol-bundle-trick https://www.huntress.com/blog/dont-fall-for-the-ol-bundle-trick Here’s why bundling cybersecurity products and services like Kaseya K365 aren’t always the best value for your organization. Learn how to avoid common pitfalls and choose more effective EDR and MDR solutions. 2024-06-24T00:00:00Z https://www.huntress.com/blog/heres-to-the-future-our-latest-funding-will-fuel-big-innovations-bold-acquisitions-and-a-more-secure-global-community https://www.huntress.com/blog/heres-to-the-future-our-latest-funding-will-fuel-big-innovations-bold-acquisitions-and-a-more-secure-global-community Huntress CEO Kyle Hanslovan highlights the cybersecurity leader's Series D funding and how this investment will benefit partners moving forward. 2024-06-18T00:00:00Z https://www.huntress.com/blog/debunking-5-major-macos-myths https://www.huntress.com/blog/debunking-5-major-macos-myths Let Huntress debunk the biggest Mac security myths. macOS is now a popular target for hackers, so learn the truth about its vulnerabilities and discover practical steps to enhance protection against cyber threats. 2024-06-13T00:00:00Z https://www.huntress.com/blog/mistakes-to-mastery-get-to-know-phishing-defense-coaching-from-huntress-sat https://www.huntress.com/blog/mistakes-to-mastery-get-to-know-phishing-defense-coaching-from-huntress-sat Get to know Phishing Defense Coaching, the latest addition to Huntress SAT. This personalized feature helps teach learners how phishing simulations tricked them so they can better identify potential threats. 2024-06-12T00:00:00Z https://www.huntress.com/blog/examining-the-impact-of-ransomware-on-the-healthcare-sector-and-new-hhs-guidelines https://www.huntress.com/blog/examining-the-impact-of-ransomware-on-the-healthcare-sector-and-new-hhs-guidelines Learn what’s causing a surge in ransomware attacks on healthcare organizations and find out how new guidelines from HHS are addressing the problem. 2024-06-08T06:00:00Z https://www.huntress.com/blog/healthcare-in-the-crosshairs-insights-from-our-2024-cyber-threat-report https://www.huntress.com/blog/healthcare-in-the-crosshairs-insights-from-our-2024-cyber-threat-report Explore the latest ransomware and BEC threats targeting healthcare today. And learn how to navigate emerging threats with insights from our 2024 Cyber Threat Report. 2024-06-06T00:00:00Z https://www.huntress.com/blog/macs-need-security-too-announcing-huntress-managed-edr-for-macos https://www.huntress.com/blog/macs-need-security-too-announcing-huntress-managed-edr-for-macos As macOS adoption rises, so too do cyber threats against it. That’s why Huntress developed our Managed EDR for macOS, a security solution tailored to the unique challenges of macOS environments. 2024-06-04T00:00:00Z https://www.huntress.com/blog/attack-behaviors https://www.huntress.com/blog/attack-behaviors In the cybersecurity community, we may hear analysts say, “Oh, threat actors change their tactics…”, and at times, they may include the word “always” as part of that statement. However, the question at hand is, “Does the data really show that to be the case?” What are we truly seeing in real-world incidents? 2024-05-30T00:00:00Z https://www.huntress.com/blog/deceitful-tactics-and-honest-mistakes-remedying-human-error-amid-the-rise-of-social-engineering-across-healthcare https://www.huntress.com/blog/deceitful-tactics-and-honest-mistakes-remedying-human-error-amid-the-rise-of-social-engineering-across-healthcare Understand the impact of human error across healthcare, and discover how Huntress’ managed solutions can better defend your organization from social engineering scams. 2024-05-28T00:00:00Z https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft https://www.huntress.com/blog/smugglers-gambit-uncovering-html-smuggling-adversary-in-the-middle-tradecraft Blowing the lid off of interesting adversary-in-the-middle tradecraft observed in the Huntress partner identities. 2024-05-23T00:00:00Z https://www.huntress.com/blog/a-surge-in-ransomware-insights-from-our-2024-cyber-threat-report https://www.huntress.com/blog/a-surge-in-ransomware-insights-from-our-2024-cyber-threat-report Explore the interesting changes in the world of ransomware and more key findings from Huntress' 2024 Cyber Threat Report. 2024-05-22T00:00:00Z https://www.huntress.com/blog/time-to-act-gaining-the-edge-with-huntress-response-capabilities https://www.huntress.com/blog/time-to-act-gaining-the-edge-with-huntress-response-capabilities Discover how Huntress MDR can respond swiftly to cyber threats and give you the critical time advantage in your ongoing battle against attackers. 2024-05-14T00:00:00Z https://www.huntress.com/blog/active-remediation-proactive-incident-response-with-huntress-managed-edr https://www.huntress.com/blog/active-remediation-proactive-incident-response-with-huntress-managed-edr Learn how you can streamline incident response with Huntress Managed EDR's Active Remediation. Sleep soundly while we thwart threats on your behalf. 2024-05-13T00:00:00Z https://www.huntress.com/blog/from-south-park-to-curriculaville-meet-jeff-gill-emmy-award-winner-and-huntress-sat-animator https://www.huntress.com/blog/from-south-park-to-curriculaville-meet-jeff-gill-emmy-award-winner-and-huntress-sat-animator Get to know Jeff Gill, Emmy award-winning storyteller and Huntress Security Awareness Training animator. 2024-05-08T00:00:00Z https://www.huntress.com/blog/healthcare-held-hostage-fighting-the-plague-of-ransomware https://www.huntress.com/blog/healthcare-held-hostage-fighting-the-plague-of-ransomware Ransomware is spreading like wildfire. Learn about its growing threat to healthcare, its impact on patient care, and how Huntress managed solutions can better protect your organization from cyberattacks. 2024-05-03T00:00:00Z https://www.huntress.com/blog/lolbin-to-inc-ransomware https://www.huntress.com/blog/lolbin-to-inc-ransomware Huntress has observed INC ransomware deployed in the past but recent activity indicates a possible continued shift in/or improvement of tactics employed by these threat actors. 2024-05-01T00:00:00Z https://www.huntress.com/blog/the-undeniable-benefits-of-healthcare-security-awareness-training https://www.huntress.com/blog/the-undeniable-benefits-of-healthcare-security-awareness-training Discover the benefits of healthcare security awareness training and find out how Huntress can empower your organization with a culture of security. 2024-04-30T06:00:00Z https://www.huntress.com/blog/lightspy-malware-variant-targeting-macos https://www.huntress.com/blog/lightspy-malware-variant-targeting-macos There's a new variant of LightSpy malware targeting macOS. Here, Huntress' macOS researchers dive into the macOS variant of the LightSpy malware, after gaps in recent reports stating that the LightSpy malware strictly targets iOS. 2024-04-25T00:00:00Z https://www.huntress.com/blog/it-costs-how-much-the-financial-pitfalls-of-cyberattacks-on-smbs https://www.huntress.com/blog/it-costs-how-much-the-financial-pitfalls-of-cyberattacks-on-smbs Learn how managed EDRs can help SMBs offset limited cybersecurity budgets, thwart cyberattacks, and save money for the long term. 2024-04-19T00:00:00Z https://www.huntress.com/blog/huntress-snags-over-40-leader-badges-in-g2-spring-2024-reports https://www.huntress.com/blog/huntress-snags-over-40-leader-badges-in-g2-spring-2024-reports Huntress receives huge honors in latest G2 Spring 2024 Reports, earning 42 leader badges. 2024-04-10T00:00:00Z https://www.huntress.com/blog/interconnected-devices-inject-risk-into-patient-safety https://www.huntress.com/blog/interconnected-devices-inject-risk-into-patient-safety By adopting a managed EDR and partnering with experts like Huntress, healthcare providers can safeguard patient data and ensure uninterrupted patient care. 2024-04-08T00:00:00Z https://www.huntress.com/blog/analyzing-a-malicious-advanced-ip-scanner-google-ad-redirection https://www.huntress.com/blog/analyzing-a-malicious-advanced-ip-scanner-google-ad-redirection Threat actors have been using malicious versions of Advanced IP Scanner to compromise their targets via malvertising campaigns. Let’s analyze one. 2024-04-01T00:00:00Z https://www.huntress.com/blog/mssql-to-screenconnect https://www.huntress.com/blog/mssql-to-screenconnect Huntress continues to see MSSQL server systems being attacked, and in recent incidents have seen overlap with previous incidents, not only in the use of LOLBins, but also in IP addresses used by the threat actor. 2024-03-28T00:00:00Z https://www.huntress.com/blog/put-a-soc-in-it--how-huntress-managed-edr-stands-against-the-competition https://www.huntress.com/blog/put-a-soc-in-it--how-huntress-managed-edr-stands-against-the-competition Depending on which EDR solution you choose, capabilities and outcomes can differ greatly. Huntress looks at what differentiates Huntress Managed EDR from competitors, reviewing key features and benefits. 2024-03-26T00:00:00Z https://www.huntress.com/blog/seven-donts-of-security-awareness-training https://www.huntress.com/blog/seven-donts-of-security-awareness-training Many security awareness training solutions aren’t easy to manage, and worse, they affect knowledge retention. Let’s review the common SAT features that diminish your ability to improve your security posture. 2024-03-21T00:00:00Z https://www.huntress.com/blog/managing-attack-surface https://www.huntress.com/blog/managing-attack-surface Huntress recently detected interesting activity on an endpoint; a threat actor was attempting to establish a foothold on an endpoint by using commands issued via MSSQL to upload a reverse shell accessible from the web server. All attempts were obviated by MAV and process detections, but boy-howdy, did they try! 2024-03-20T00:00:00Z https://www.huntress.com/blog/using-backup-utilities-for-data-exfiltration https://www.huntress.com/blog/using-backup-utilities-for-data-exfiltration “Double extortion” attacks, often perpetrated by ransomware threat actors, include data exfiltration prior to file encryption. Huntress analysts have observed various means of data exfiltration, but recently observed the use of a legitimate backup application seen by others to be associated with a Noberus/ALPHV ransomware affiliate. 2024-03-13T00:00:00Z https://www.huntress.com/blog/full-transparency-controlling-apples-tcc-part-ii https://www.huntress.com/blog/full-transparency-controlling-apples-tcc-part-ii The primary goal of Apple's Transparency, Consent, and Control (TCC) is to empower users with transparency regarding how their data is accessed and used by applications. In this Part 2, dig even deeper into the mechanism that runs TCC and what's happening in the background. 2024-03-11T00:00:00Z https://www.huntress.com/blog/time-travelers-busted-how-to-detect-impossible-travel- https://www.huntress.com/blog/time-travelers-busted-how-to-detect-impossible-travel- Impossible Travel is one of the earliest indicators of user compromise, and it works against any user-centric event that can be tied back to a location. Huntress goes in-depth on this problem, explaining how it works, revealing challenges surrounding it, and offering real-world examples occurring within Microsoft 365. 2024-03-07T00:00:00Z https://www.huntress.com/blog/please-allow-me-to-re-introduce-myself-huntress-security-awareness-training https://www.huntress.com/blog/please-allow-me-to-re-introduce-myself-huntress-security-awareness-training Huntress has launched Huntress Security Awareness Training (SAT), a new and improved SAT solution tailored to the needs of underserved and resource-strapped organizations. It features memorable, story-driven episodes, making it easier for users to retain knowledge. And since it’s fully managed by Huntress, admins will enjoy it too. Most importantly, Huntress SAT was developed with one overall goal—elevate the security of your small- and medium-sized business (SMB). 2024-03-05T00:00:00Z https://www.huntress.com/blog/insights-rmm-tools https://www.huntress.com/blog/insights-rmm-tools Over the past year, the Huntress team has posted a number of blog posts related to remote monitoring and management (RMM) tools being installed or abused by threat actors. 2024-03-04T00:00:00Z https://www.huntress.com/blog/navigating-the-maze-of-socgholish-with-huntress-a-practical-guide https://www.huntress.com/blog/navigating-the-maze-of-socgholish-with-huntress-a-practical-guide In an era where cyber threats like SocGholish are becoming increasingly sophisticated, understanding and combating these attacks is crucial for digital safety. This post delves into leveraging Huntress for effectively handling SocGholish threats, outlining a step-by-step approach for IT professionals. 2024-03-01T00:00:00Z https://www.huntress.com/blog/attacking-mssql-servers-pt-ii https://www.huntress.com/blog/attacking-mssql-servers-pt-ii The publication of the first blog post led a Huntress SOC analyst to identify and escalate a second, similar incident. A deeper investigation into the activity made it clear that the Huntress SOC had obviated several Trigona ransomware attacks, protecting customers from the impact of a ransomware infection. 2024-02-29T00:00:00Z https://www.huntress.com/blog/blackcat-ransomware-affiliate-ttps https://www.huntress.com/blog/blackcat-ransomware-affiliate-ttps This blog post provides a detailed look at the TTPs of a ransomware affiliate operator. In this case, the endpoint had been moved to another infrastructure (as illustrated by various command lines, and confirmed by the partner), so while Huntress SOC analysts reported the activity to the partner, no Huntress customer was impacted by the ransomware deployment. 2024-02-28T00:00:00Z https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708 https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708 Adversaries have been VERY busy in the wake of the ScreenConnect vulnerabilities (CVE-2024-1709 & CVE-2024-1708). Here’s all the post-exploitation details, tradecraft, and tactics we’ve observed so far! 2024-02-23T00:00:00Z https://www.huntress.com/blog/how-to-know-if-your-screenconnect-server-is-hacked https://www.huntress.com/blog/how-to-know-if-your-screenconnect-server-is-hacked Huntress Guide: Review this guide on how to tell which ScreenConnect Server autoruns are found on your endpoint so you can quickly find and remove them. 2024-02-23T00:00:00Z https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass This blog discusses the Huntress Team's analysis efforts of the two vulnerabilities and software weaknesses in ConnectWise ScreenConnect (CVE-2024-1708 and CVE-2024-1709) and the technical details behind this attack. 2024-02-21T00:00:00Z https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2 https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2 Stay secure with Huntress! Learn about critical vulnerabilities tied to ConnectWise, including CWE-288 authentication bypass. Patch now to version 23.9.8 for protection. 2024-02-20T00:00:00Z https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8 https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8 Huntress has validated the vulnerabilities referred to in the latest February 19 ConnectWise ScreenConnect advisory. For on-premise users, it is our strongest recommendation to patch and update to ScreenConnect version 23.9.8 immediately. 2024-02-19T00:00:00Z https://www.huntress.com/blog/solving-endpoint-security-challenges-with-a-managed-edr https://www.huntress.com/blog/solving-endpoint-security-challenges-with-a-managed-edr Endpoint detection and response (EDR) is an essential endpoint security solution, but without the right time, resources, and knowledge to remediate threats, your EDR can quickly become a nuisance. 2024-02-16T00:00:00Z https://www.huntress.com/blog/the-health-sector-is-under-attack-but-you-can-fight-back- https://www.huntress.com/blog/the-health-sector-is-under-attack-but-you-can-fight-back- Healthcare organizations are facing cyber threats at an alarming rate, and as the U.S. Department of Health and Human Services (HHS) introduces new measures for cybersecurity, it’s also time for small- and mid-sized organizations to be proactive in their defense. 2024-02-15T00:00:00Z https://www.huntress.com/blog/threat-intel-accelerates-detection-and-response https://www.huntress.com/blog/threat-intel-accelerates-detection-and-response Evidence of a pre-existing exploit was rendered when the Huntress agent was added to an endpoint. Within minutes, and in part through the use of previously published threat intelligence, analysts were able to identify the issue and make recommendations to the customer to remediate the root cause. 2024-02-14T00:00:00Z https://www.huntress.com/blog/attacking-mssql-servers https://www.huntress.com/blog/attacking-mssql-servers In addition to social engineering attacks, threat actors target organizations' attack surface, looking for exposed services and applications to gain access into an infrastructure. Microsoft SQL database servers have long been a target for attackers. 2024-02-08T00:00:00Z https://www.huntress.com/blog/rats-remote-management-software-from-the-hackers-perspective https://www.huntress.com/blog/rats-remote-management-software-from-the-hackers-perspective Tips and tricks to hunt down RMM abuse. Remote access tools for persistence. Are RMMs really just command and control? January’s Tradecraft Tuesday was wild. Here’s the recap. 2024-02-06T00:00:00Z https://www.huntress.com/blog/threat-advisory-possible-anydesk-stolen-code-signing-certificate https://www.huntress.com/blog/threat-advisory-possible-anydesk-stolen-code-signing-certificate Huntress is tracking concerns regarding the AnyDesk remote control software and provider. 2024-02-02T00:00:00Z https://www.huntress.com/blog/ransomware-deployment-attempts-via-teamviewer https://www.huntress.com/blog/ransomware-deployment-attempts-via-teamviewer Huntress analysts continue to observe access to endpoints via legacy TeamViewer installations, and/or compromised TeamViewer credentials. 2024-01-17T00:00:00Z https://www.huntress.com/blog/full-transparency-controlling-apples-tcc https://www.huntress.com/blog/full-transparency-controlling-apples-tcc Dive into Apple's TCC framework, decoding its role in user privacy. Explore permissions, challenges, and the encryption safeguarding sensitive data. 2024-01-16T00:00:00Z https://www.huntress.com/blog/securing-healthcare-handling-cyber-threats-with-care https://www.huntress.com/blog/securing-healthcare-handling-cyber-threats-with-care What’s the key to navigating healthcare cybersecurity? This blog decodes today’s healthcare threat landscape and defensive strategies for patient well-being. 2024-01-12T00:00:00Z https://www.huntress.com/blog/empowering-the-hunt-all-your-security-in-one-place https://www.huntress.com/blog/empowering-the-hunt-all-your-security-in-one-place Huntress unveils a powerful new platform UI for 2024! From SOC insights to triage feeds, all your security insights are now in a unified interface in the Huntress platform. 2024-01-04T00:00:00Z https://www.huntress.com/blog/doing-more-with-less-navigating-cybersecurity-challenges-in-healthcare https://www.huntress.com/blog/doing-more-with-less-navigating-cybersecurity-challenges-in-healthcare Discover essential strategies for healthcare cybersecurity in our latest blog. Learn how to navigate challenges, optimize resources, and safeguard patient data. 2024-01-02T00:00:00Z https://www.huntress.com/blog/combating-emerging-microsoft-365-tradecraft-initial-access https://www.huntress.com/blog/combating-emerging-microsoft-365-tradecraft-initial-access Threats evolve, and so does Huntress. Let’s talk about evolving our approach to hitting the hackers where it hurts on Microsoft 365. 2023-12-27T00:00:00Z https://www.huntress.com/blog/what-does-the-future-hold-for-todays-cybersecurity-leaders https://www.huntress.com/blog/what-does-the-future-hold-for-todays-cybersecurity-leaders From budget constraints to the rise of AI - discover how CISOs and cybersecurity leaders navigated challenges in 2023 and gain insights for success in 2024. 2023-12-26T00:00:00Z https://www.huntress.com/blog/effortless-phishing-simulations-now-part-of-huntress-security-awareness-training https://www.huntress.com/blog/effortless-phishing-simulations-now-part-of-huntress-security-awareness-training Read about our newest addition to Huntress Managed SAT, Managed Phishing, offering you expert-backed, hassle-free simulated phishing campaigns. 2023-12-23T00:00:00Z https://www.huntress.com/blog/teach-yourself-to-phish-the-strategy-behind-phishing-simulations https://www.huntress.com/blog/teach-yourself-to-phish-the-strategy-behind-phishing-simulations Get ready for a phishing trip! Learn about the strategy behind phishing simulations and how it can help your organization build resilience against real phishing threats. 2023-12-19T00:00:00Z https://www.huntress.com/blog/curling-for-data-a-dive-into-a-threat-actors-malicious-ttps https://www.huntress.com/blog/curling-for-data-a-dive-into-a-threat-actors-malicious-ttps Huntress analysts recently observed a novel set of tactics, techniques, and procedures used by a threat actor for data collection and exfiltration. 2023-12-14T00:00:00Z https://www.huntress.com/blog/orienting-intelligence-requirements-to-the-small-business-space https://www.huntress.com/blog/orienting-intelligence-requirements-to-the-small-business-space Discover how to streamline small business intelligence for practical decision-making, balance benefits, and explore cost-effective outsourcing solutions. 2023-12-12T00:00:00Z https://www.huntress.com/blog/exploring-the-value-of-indicators-in-small-business-defense https://www.huntress.com/blog/exploring-the-value-of-indicators-in-small-business-defense Discover how leveraging technical indicators can boost cybersecurity effectiveness and empower small business defense. Read on for practical insights. 2023-12-07T00:00:00Z https://www.huntress.com/blog/huntress-mdr-for-microsoft-365-update https://www.huntress.com/blog/huntress-mdr-for-microsoft-365-update An update on our MDR for Microsoft 365 product, some recent improvements, and what fixes and features are coming soon. 2023-12-06T00:00:00Z https://www.huntress.com/blog/cis-controls-security-awareness-training https://www.huntress.com/blog/cis-controls-security-awareness-training Learn more about how Huntress' Managed Security Awareness Program can help your employees follow CIS control requirements. 2023-12-04T00:00:00Z https://www.huntress.com/blog/macos-terms-and-trends-you-should-know-about https://www.huntress.com/blog/macos-terms-and-trends-you-should-know-about A look inside the evolving landscape of macOS malware. Dive into the current state of macOS threats and learn from a glossary of essential macOS terms. 2023-11-30T00:00:00Z https://www.huntress.com/blog/mft-exploitation-and-adversary-operations https://www.huntress.com/blog/mft-exploitation-and-adversary-operations Dive into our analysis of the CVE-2023-43117 threat in CrushFTP and the growing popularity of MFT application exploitation as a tactic for adversaries. 2023-11-29T00:00:00Z https://www.huntress.com/blog/cant-touch-this-data-exfiltration-via-finger https://www.huntress.com/blog/cant-touch-this-data-exfiltration-via-finger Threat actors frequently make use of native utilities during incidents. However, this blog post discusses a rarely-observed means of data exfiltration. 2023-11-28T00:00:00Z https://www.huntress.com/blog/navigating-the-smb-threat-landscape-key-insights-from-huntress-smb-threat-report https://www.huntress.com/blog/navigating-the-smb-threat-landscape-key-insights-from-huntress-smb-threat-report Navigate the SMB threat landscape with Huntress’ SMB Threat Report. Gain insights into evolving cyber threats targeting SMBs. Read on for key insights. 2023-11-21T00:00:00Z https://www.huntress.com/blog/critical-vulnerability-sysaid-cve-2023-47246 https://www.huntress.com/blog/critical-vulnerability-sysaid-cve-2023-47246 Huntress has analyzed the emerging SysAid CVE-2023-47246 vulnerability and recreated the attack chain with a proof-of-concept exploit. 2023-11-10T00:00:00Z https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack Huntress has uncovered a series of unauthorized access, revealing a threat actor using ScreenConnect to infiltrate multiple healthcare organizations. 2023-11-09T00:00:00Z https://www.huntress.com/blog/confluence-to-cerber-exploitation-of-cve-2023-22518-for-ransomware-deployment https://www.huntress.com/blog/confluence-to-cerber-exploitation-of-cve-2023-22518-for-ransomware-deployment CVE-2023-22518 is being exploited in Confluence for Cerber ransomware deployment. Read up on Huntress’ observations and mitigation guidance. 2023-11-07T00:00:00Z https://www.huntress.com/blog/critical-vulnerability-exploitation-of-apache-activemq-cve-2023-46604 https://www.huntress.com/blog/critical-vulnerability-exploitation-of-apache-activemq-cve-2023-46604 CVE-2023-46604 is a critical remote code execution vulnerability in Apache ActiveMQ. Patch now to avoid any potential adversary exploitation. 2023-11-02T00:00:00Z https://www.huntress.com/blog/the-hackers-in-the-arena-the-huntress-ctf-retrospective https://www.huntress.com/blog/the-hackers-in-the-arena-the-huntress-ctf-retrospective This blog post is a retrospective on the Huntress team's month-long Capture the Flag (CTF) event, highlighting diverse challenges and hacker camaraderie. 2023-10-31T00:00:00Z https://www.huntress.com/blog/exposed-passwords-on-endpoints-are-more-common-than-you-think https://www.huntress.com/blog/exposed-passwords-on-endpoints-are-more-common-than-you-think Discover the alarming prevalence of exposed passwords on endpoints and how to safeguard your credentials. Learn from Huntress' findings and insights. 2023-10-25T00:00:00Z https://www.huntress.com/blog/5-phishing-email-scams-and-how-not-to-fall-for-them https://www.huntress.com/blog/5-phishing-email-scams-and-how-not-to-fall-for-them Explore the art of phishing, learn how to spot common phishing scams and red flags, and understand the importance of security awareness training. 2023-10-18T00:00:00Z https://www.huntress.com/blog/huntress-mdr-for-microsoft-365-the-full-story https://www.huntress.com/blog/huntress-mdr-for-microsoft-365-the-full-story Read up on how and why Huntress built its Managed ITDR (formerly MDR for Microsoft 365) solution to help combat the growing threat of business email compromise (BEC). 2023-10-16T00:00:00Z https://www.huntress.com/blog/why-are-you-still-paying-for-antivirus https://www.huntress.com/blog/why-are-you-still-paying-for-antivirus Is it worth ditching your legacy antivirus solution? This blog takes a hard look at what matters most in AV and endpoint protection tools. 2023-10-11T00:00:00Z https://www.huntress.com/blog/3-hot-takes-and-tips-for-cybersecurity-awareness-month-2023 https://www.huntress.com/blog/3-hot-takes-and-tips-for-cybersecurity-awareness-month-2023 In the spirit of Cybersecurity Awareness Month, use these cybersecurity tips to take your security hygiene and cyber knowledge up a notch. 2023-10-10T00:00:00Z https://www.huntress.com/blog/3-hot-takes-and-tips-for-cybersecurity-awareness-month-2023 https://www.huntress.com/blog/3-hot-takes-and-tips-for-cybersecurity-awareness-month-2023 In the spirit of Cybersecurity Awareness Month, use these cybersecurity tips to take your security hygiene and cyber knowledge up a notch. 2023-10-10T00:00:00Z https://www.huntress.com/blog/pairing-socs-with-automation-you-wont-be-replaced-by-a-robot-yet https://www.huntress.com/blog/pairing-socs-with-automation-you-wont-be-replaced-by-a-robot-yet We can use automation, detection and response, and open-source software to solve common SOC challenges. Read about simple approaches for SOC automation. 2023-10-05T00:00:00Z https://www.huntress.com/blog/ask-the-mac-guy-do-i-need-av-on-mac https://www.huntress.com/blog/ask-the-mac-guy-do-i-need-av-on-mac In this blog, our Mac expert answers the existential question: As a Mac user, do you need to use an antivirus (AV) to protect your Mac? 2023-10-03T00:00:00Z https://www.huntress.com/blog/critical-vulnerabilities-ws-ftp-exploitation https://www.huntress.com/blog/critical-vulnerabilities-ws-ftp-exploitation Huntress is actively investigating numerous vulnerabilities affecting the WS_FTP Server Ad Hoc Transfer Module observed in the wild. 2023-10-02T00:00:00Z https://www.huntress.com/blog/critical-vulnerability-webp-heap-buffer-overflow-cve-2023-4863 https://www.huntress.com/blog/critical-vulnerability-webp-heap-buffer-overflow-cve-2023-4863 Huntress is tracking a new critical vulnerability seen in the wild that affects anything using the libwebp WebP image library. Here’s what we know so far. 2023-09-28T00:00:00Z https://www.huntress.com/blog/humans-vs-ai-the-critical-role-of-human-expertise-in-cybersecurity https://www.huntress.com/blog/humans-vs-ai-the-critical-role-of-human-expertise-in-cybersecurity Can AI ever fully replace humans in cybersecurity? We argue that human-powered security is the key to staying one step ahead of today’s threats. 2023-09-28T00:00:00Z https://www.huntress.com/blog/netscaler-exploitation-to-social-engineering-mapping-convergence-of-adversary-tradecraft-across-victims https://www.huntress.com/blog/netscaler-exploitation-to-social-engineering-mapping-convergence-of-adversary-tradecraft-across-victims The following is an analysis by the Huntress team of several recent intrusions connected to the Netscaler exploitation. 2023-09-26T00:00:00Z https://www.huntress.com/blog/introducing-incident-notification-a-game-changer-for-critical-incident-response https://www.huntress.com/blog/introducing-incident-notification-a-game-changer-for-critical-incident-response Read about Huntress' newest feature, Incident Notification, which allows us to instantly alert partners to critical incidents via SMS text or phone call. 2023-09-22T00:00:00Z https://www.huntress.com/blog/understanding-evil-how-to-reverse-engineer-malware https://www.huntress.com/blog/understanding-evil-how-to-reverse-engineer-malware Dive into the fundamentals of reverse engineering malware and understanding how malicious software works. 2023-09-21T00:00:00Z https://www.huntress.com/blog/enhancing-cybersecurity-for-msps-in-australia-and-new-zealand https://www.huntress.com/blog/enhancing-cybersecurity-for-msps-in-australia-and-new-zealand Read expert tips about how MSPs in Australia and New Zealand can elevate their cybersecurity offerings and have better sales conversations with customers. 2023-09-20T00:00:00Z https://www.huntress.com/blog/spidering-through-identity-for-profit-and-disruption https://www.huntress.com/blog/spidering-through-identity-for-profit-and-disruption Dive into the recent Las Vegas casino cyberattacks linked to Scattered Spider, and learn how organizations can defend against such identify-based attacks. 2023-09-14T00:00:00Z https://www.huntress.com/blog/evolution-of-usb-borne-malware-raspberry-robin https://www.huntress.com/blog/evolution-of-usb-borne-malware-raspberry-robin A deep dive into the USB-borne Raspberry Robin malware and how Huntress Managed EDR and Managed Antivirus can detect and mitigate this threat. 2023-09-07T00:00:00Z https://www.huntress.com/blog/ask-the-mac-guy-best-practices-for-securing-macs https://www.huntress.com/blog/ask-the-mac-guy-best-practices-for-securing-macs Tips from a Mac expert. Discover the best practices users and administrators can use to secure your Mac devices or your Mac fleet. 2023-09-05T00:00:00Z https://www.huntress.com/blog/how-huntress-transformed-its-detection-engine https://www.huntress.com/blog/how-huntress-transformed-its-detection-engine The blog post discusses the evolution of Huntress' data analysis in response to scaling challenges and how we transitioned to a custom detection engine. 2023-08-31T00:00:00Z https://www.huntress.com/blog/qakbot-malware-takedown-and-defending-forward https://www.huntress.com/blog/qakbot-malware-takedown-and-defending-forward With the FBI's takedown of Qakbot malware, we're sharing how the Huntress team developed our own Qakbot vaccine and our commitment to defend forward. 2023-08-30T00:00:00Z https://www.huntress.com/blog/threat-hunting-and-tactical-malware-analysis https://www.huntress.com/blog/threat-hunting-and-tactical-malware-analysis Dive into the basics of threat hunting and tactical malware analysis, and learn how these two practices go hand in hand in cybersecurity. 2023-08-29T00:00:00Z https://www.huntress.com/blog/best-practices-to-reduce-your-attack-surface https://www.huntress.com/blog/best-practices-to-reduce-your-attack-surface Read expert insights on how to strengthen your cybersecurity strategy with asset inventory and attack surface reduction. 2023-08-23T00:00:00Z https://www.huntress.com/blog/ask-the-mac-guy-macos-security-myths https://www.huntress.com/blog/ask-the-mac-guy-macos-security-myths Discover the truth about macOS security. The Huntress Mac Guy answers common macOS security questions like why you should protect your Mac computers. 2023-08-22T00:00:00Z https://www.huntress.com/blog/gone-phishing-an-analysis-of-a-targeted-user-attack https://www.huntress.com/blog/gone-phishing-an-analysis-of-a-targeted-user-attack Get an inside look at how threat actors use phishing and social engineering tactics to target users and infiltrate organizations. 2023-08-17T00:00:00Z https://www.huntress.com/blog/traditional-antivirus-vs-managed-antivirus https://www.huntress.com/blog/traditional-antivirus-vs-managed-antivirus Learn why traditional antivirus falls short against today's cyber threats on its own and how Huntress offers proactive, effective protection. 2023-08-16T00:00:00Z https://www.huntress.com/blog/investigating-new-inc-ransom-group-activity https://www.huntress.com/blog/investigating-new-inc-ransom-group-activity The Huntress team investigated a ransomware attack of a new INC Ransom threat actor group. Here is the activity we observed. 2023-08-11T00:00:00Z https://www.huntress.com/blog/identity-the-third-phase-of-security-operations https://www.huntress.com/blog/identity-the-third-phase-of-security-operations We’ve entered the era of identity security. Are you ready? Explore how to counter evolving threats and protect identities with confidence. 2023-08-10T00:00:00Z https://www.huntress.com/blog/how-security-centric-procedures-and-training-helped-huntress-catch-a-100000-bec-scam https://www.huntress.com/blog/how-security-centric-procedures-and-training-helped-huntress-catch-a-100000-bec-scam Discover how Huntress caught an attempted business email compromise (BEC) scam that would have cost the company more than $100,000 had it gone undetected. 2023-08-09T00:00:00Z https://www.huntress.com/blog/beyond-antivirus-how-businesses-should-be-scaling-their-security https://www.huntress.com/blog/beyond-antivirus-how-businesses-should-be-scaling-their-security Discover how today's businesses can conquer security challenges, strengthen defenses and evolve their security beyond traditional antivirus measures. 2023-08-08T00:00:00Z https://www.huntress.com/blog/another-papercut-cve-2023-39143-remote-code-execution https://www.huntress.com/blog/another-papercut-cve-2023-39143-remote-code-execution Huntress is tracking a new PaperCut vulnerability, CVE-2023-39143, which allows full remote code execution on unpatched servers. 2023-08-05T00:00:00Z https://www.huntress.com/blog/legitimate-apps-as-traitorware-for-persistent-microsoft-365-compromise https://www.huntress.com/blog/legitimate-apps-as-traitorware-for-persistent-microsoft-365-compromise Dive into how Huntress caught a threat actor adding several legitimate email apps to maintain persistent access to a compromised Microsoft 365 environment. 2023-08-03T00:00:00Z https://www.huntress.com/blog/breaking-down-the-threat-hunting-process https://www.huntress.com/blog/breaking-down-the-threat-hunting-process Discover the key phases of the threat hunting process and how threat hunters structure their hunts to proactively seek out threats. 2023-08-02T00:00:00Z https://www.huntress.com/blog/why-huntress-trusts-microsoft-defender-antivirus-and-you-should-too https://www.huntress.com/blog/why-huntress-trusts-microsoft-defender-antivirus-and-you-should-too Is it worth switching to Microsoft Defender Antivirus? Spoiler alert: We think yes! Explore why Defender is a solid AV solution. 2023-08-01T00:00:00Z https://www.huntress.com/blog/business-email-compromise-via-azure-administrative-privileges https://www.huntress.com/blog/business-email-compromise-via-azure-administrative-privileges Explore how Huntress stopped a massive business email compromise (BEC) attack targeting multiple user accounts within a single organization. 2023-07-27T00:00:00Z https://www.huntress.com/blog/the-power-of-cyber-insurance-what-every-msp-should-know https://www.huntress.com/blog/the-power-of-cyber-insurance-what-every-msp-should-know This blog post provides a comprehensive overview of the importance, benefits and challenges of cyber insurance that every MSP should be aware of. 2023-07-25T00:00:00Z https://www.huntress.com/blog/celebrating-one-year-of-security-awareness-training https://www.huntress.com/blog/celebrating-one-year-of-security-awareness-training Dive into the improvements and progress we’ve made with Huntress Security Awareness Training since acquiring Curricula one year ago. 2023-07-19T00:00:00Z https://www.huntress.com/blog/thwarting-financial-fraud-shutting-down-hackers-in-microsoft-365 https://www.huntress.com/blog/thwarting-financial-fraud-shutting-down-hackers-in-microsoft-365 In this blog, explore how Huntress caught an attempt at financial fraud through business email compromise (BEC) in Microsoft 365. 2023-07-13T00:00:00Z https://www.huntress.com/blog/move-it-on-over-reflecting-on-the-moveit-exploitation https://www.huntress.com/blog/move-it-on-over-reflecting-on-the-moveit-exploitation In this blog, we explore the long-term impact of the MOVEit exploitation and how defenders can stay vigilant and learn from the past. 2023-07-07T00:00:00Z https://www.huntress.com/blog/threat-hunting-for-business-email-compromise-through-user-agents https://www.huntress.com/blog/threat-hunting-for-business-email-compromise-through-user-agents Can we use anomalous user agents to detect potential business email compromise (BEC) in Microsoft 365? Explore what we found through threat hunting for BEC. 2023-07-06T00:00:00Z https://www.huntress.com/blog/dmxprotect-stop-drop-shut-malware-down-before-it-opens-up-shop https://www.huntress.com/blog/dmxprotect-stop-drop-shut-malware-down-before-it-opens-up-shop Do you need third-party security for macOS? Discover if Apple’s malware prevention products, XProtect and XProtect Remediator, are good enough solutions to keep users safe. 2023-06-28T00:00:00Z https://www.huntress.com/blog/one-msp-three-microsoft-365-compromises-72-hours https://www.huntress.com/blog/one-msp-three-microsoft-365-compromises-72-hours Discover how Huntress Managed Identity Threat Detection and Response identified three business email compromise (BEC) attacks within 72 hours of each other. 2023-06-27T00:00:00Z https://www.huntress.com/blog/how-to-speak-to-smbs-about-cybersecurity https://www.huntress.com/blog/how-to-speak-to-smbs-about-cybersecurity Need help approaching the security sales conversation? Use these tips to walk into your next client meeting armed with points for selling cybersecurity. 2023-06-20T00:00:00Z https://www.huntress.com/blog/understanding-gdap-and-its-operational-impact https://www.huntress.com/blog/understanding-gdap-and-its-operational-impact Everything you need to know about Microsoft's authentication control, Granular Delegated Admin Privileges (GDAP). 2023-06-13T00:00:00Z https://www.huntress.com/blog/calm-in-the-storm-reviewing-volt-typhoon https://www.huntress.com/blog/calm-in-the-storm-reviewing-volt-typhoon Explore the recent disclosures concerning Volt Typhoon, a threat actor engaged in the widespread exploitation of external-facing services and network appliances. 2023-06-08T00:00:00Z https://www.huntress.com/blog/beware-of-traitorware-using-splunk-for-persistence https://www.huntress.com/blog/beware-of-traitorware-using-splunk-for-persistence This blog illustrates how the Splunk Universal Forwarder (UF) can be used as traitorware for persistence and remote code execution. 2023-06-06T00:00:00Z https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response https://www.huntress.com/blog/moveit-transfer-critical-vulnerability-rapid-response Our team is tracking in-the-wild exploitation of a zero-day vulnerability against Progress' MOVEit Transfer web application that allows for escalated privileges and unauthorized access. 2023-06-01T00:00:00Z https://www.huntress.com/blog/threat-advisory-xmrig-crypto-mining-by-way-of-teamviewer https://www.huntress.com/blog/threat-advisory-xmrig-crypto-mining-by-way-of-teamviewer Huntress has recently seen an uptick in compromised TeamViewer accounts being used to install the XMRig cryptocurrency miner. Dive into the analysis here. 2023-05-30T00:00:00Z https://www.huntress.com/blog/the-battle-for-macos-management-mdm-vs-rmm https://www.huntress.com/blog/the-battle-for-macos-management-mdm-vs-rmm Explore the two primary methods for managing macOS devices, MDM (Mobile Device Management) and RMM (Remote Monitoring and Management). 2023-05-23T00:00:00Z https://www.huntress.com/blog/new-investment-fuels-our-mission-to-enable-smbs-to-better-protect-their-business-assets https://www.huntress.com/blog/new-investment-fuels-our-mission-to-enable-smbs-to-better-protect-their-business-assets Huntress has raised $60M in Series C funding, led by Sapphire Ventures with participation from existing investors Forgepoint Capital and JMI Equity. 2023-05-16T00:00:00Z https://www.huntress.com/blog/advanced-cyberchef-tips-asyncrat-loader https://www.huntress.com/blog/advanced-cyberchef-tips-asyncrat-loader Need some CyberChef tips? You've come to the right blog. 2023-05-09T00:00:00Z https://www.huntress.com/blog/the-power-of-people-inside-huntress-edr-24x7-operations https://www.huntress.com/blog/the-power-of-people-inside-huntress-edr-24x7-operations Watch the webinar recording for an overview of the Huntress platform for our community—and how our human analysts make all the difference. 2023-05-02T00:00:00Z https://www.huntress.com/blog/endpoint-security-in-a-macos-world https://www.huntress.com/blog/endpoint-security-in-a-macos-world It would take hours to cover everything endpoint security can do, but this blog covers it in a few aspects: a high-level overview, a deeper dive and how detection engineers can leverage it. 2023-04-25T00:00:00Z https://www.huntress.com/blog/critical-vulnerabilities-in-papercut-print-management-software https://www.huntress.com/blog/critical-vulnerabilities-in-papercut-print-management-software Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass. 2023-04-21T00:00:00Z https://www.huntress.com/blog/huntress-australia-new-zealand-msp https://www.huntress.com/blog/huntress-australia-new-zealand-msp Huntress is bringing the hunt to Australia and New Zealand! Hear from the Regional Director of Huntress ANZ what this expansion means. 2023-04-13T00:00:00Z https://www.huntress.com/blog/traitorware-and-living-off-the-land-using-splunk-to-exfiltrate-data https://www.huntress.com/blog/traitorware-and-living-off-the-land-using-splunk-to-exfiltrate-data Your security tools are just as likely to be attacked as anything else. This blog dives into traitorware and how it's used to live off the land. 2023-04-11T00:00:00Z https://www.huntress.com/blog/huntress-is-soc2-gdpr-and-ccpa-compliant https://www.huntress.com/blog/huntress-is-soc2-gdpr-and-ccpa-compliant Huntress is SOC2, GDPR and CCPA Compliant. Read what this means for us—and for our partners. 2023-04-06T00:00:00Z https://www.huntress.com/blog/huntress-heads-into-q2-serving-more-smbs-and-2-million-endpoints https://www.huntress.com/blog/huntress-heads-into-q2-serving-more-smbs-and-2-million-endpoints We're so excited to say we're now securing more than two million endpoints! 2023-04-04T00:00:00Z https://www.huntress.com/blog/contextualizing-events-enabling-defense-what-3cx-means https://www.huntress.com/blog/contextualizing-events-enabling-defense-what-3cx-means In this blog, we contextualize the events and talk about enabling defense from the 3CX compromise. 2023-03-31T00:00:00Z https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats The 3CX VoIP Desktop Application has been compromised to deliver malware via legitimate 3CX updates. Huntress has been investigating this incident and working to validate and assess the current supply chain threat to the security community. 2023-03-30T00:00:00Z https://www.huntress.com/blog/mid-sized-businesses-vs-the-threat-landscape-in-2023 https://www.huntress.com/blog/mid-sized-businesses-vs-the-threat-landscape-in-2023 A survey of mid-sized businesses revealed common cybersecurity vulnerabilities. Learn what they are and how to improve your security posture in 2023. 2023-03-28T00:00:00Z https://www.huntress.com/blog/macos-notifications https://www.huntress.com/blog/macos-notifications In this blog, we dive into macOS notifications—and the intentional design behind them. 2023-03-21T00:00:00Z https://www.huntress.com/blog/everything-we-know-about-cve-2023-23397 https://www.huntress.com/blog/everything-we-know-about-cve-2023-23397 Huntress is tracking CVE-2023-23397, a 0-day that impacts Microsoft Outlook and requires no user interaction to expose user credential hashes. 2023-03-17T00:00:00Z https://www.huntress.com/blog/addressing-initial-access https://www.huntress.com/blog/addressing-initial-access Series of blog posts that share the breadth and depth of Huntress’ experience to assist others in reducing their attack surface, and inhibiting or even obviating cyber attacks. 2023-03-16T00:00:00Z https://www.huntress.com/blog/veeam-backup-replication-cve-2023-27532-response https://www.huntress.com/blog/veeam-backup-replication-cve-2023-27532-response We cover CVE-2023-27532, a vulnerability in the Veeam Backup & Replication component that allowed an unauthenticated user to retrieve host credentials. 2023-03-13T00:00:00Z https://www.huntress.com/blog/how-to-get-buy-in-for-an-edr-purchase https://www.huntress.com/blog/how-to-get-buy-in-for-an-edr-purchase EDR is a baseline for security controls these days. Learn which questions to ask and answers to give when seeking buy-in to add or replace an EDR in your security stack. 2023-03-07T00:00:00Z https://www.huntress.com/blog/endpoint-detection-and-response-edr-under-the-hood https://www.huntress.com/blog/endpoint-detection-and-response-edr-under-the-hood We’re going to try to cut through the noise and shed some light on EDR to understand the variance, capability, and efficacy of EDR solutions in the market. 2023-02-23T00:00:00Z https://www.huntress.com/blog/built-in-macos-security-tools https://www.huntress.com/blog/built-in-macos-security-tools We discuss some of our favorite and most interesting built-in macOS security tools. 2023-02-21T00:00:00Z https://www.huntress.com/blog/not-all-managed-is-created-equally https://www.huntress.com/blog/not-all-managed-is-created-equally A lot of companies use the word managed, leading to the idea that all solutions are the same when it comes to being managed; however, similar doesn’t mean the same. 2023-02-14T00:00:00Z https://www.huntress.com/blog/choosing-the-right-edr-managed-vs-unmanaged https://www.huntress.com/blog/choosing-the-right-edr-managed-vs-unmanaged Your company needs an EDR solution, but where do you start? Do you need managed EDR or unmanaged EDR? Find out which is best for you in this blog. 2023-02-09T00:00:00Z https://www.huntress.com/blog/investigating-intrusions-from-intriguing-exploits https://www.huntress.com/blog/investigating-intrusions-from-intriguing-exploits On 02 February 2023, an alert triggered in a Huntress-protected environment. We dive into triaging the threat in this blog. 2023-02-08T00:00:00Z https://www.huntress.com/blog/ave-maria-and-the-chambers-of-warzone-rat https://www.huntress.com/blog/ave-maria-and-the-chambers-of-warzone-rat Helping analysts develop a better understanding of the elastic search syntax. 2023-01-31T00:00:00Z https://www.huntress.com/blog/the-methods-behind-a-huntress-managed-antivirus-investigation https://www.huntress.com/blog/the-methods-behind-a-huntress-managed-antivirus-investigation In this blog, we’ll go on a short journey of how we dissected a vague Managed Antivirus alert and offer some ideas and methods for security analysts. 2023-01-19T00:00:00Z https://www.huntress.com/blog/why-having-backups-isnt-enough https://www.huntress.com/blog/why-having-backups-isnt-enough Having backups is only one component of a solid business continuity and disaster recovery plan. 2023-01-17T00:00:00Z https://www.huntress.com/blog/insistence-on-persistence https://www.huntress.com/blog/insistence-on-persistence In this blog, we'll explore our new Mac agent, what we look for and why—and where we’re heading. 2023-01-10T00:00:00Z https://www.huntress.com/blog/managed-endpoint-detection-and-response-edr-in-action https://www.huntress.com/blog/managed-endpoint-detection-and-response-edr-in-action In this blog, we expose how hackers go after the most vulnerable and critical aspects of an endpoint and how managed EDR can help stop attacks in their tracks. 2023-01-05T00:00:00Z https://www.huntress.com/blog/going-the-distance-cyber-predictions-for-2023 https://www.huntress.com/blog/going-the-distance-cyber-predictions-for-2023 Two of Huntress’ heavy hitters John Hammond and Dray Agha lace up their gloves to join the good fight and add their predictions for 2023. 2023-01-03T00:00:00Z https://www.huntress.com/blog/owassrf-explained-analyzing-the-microsoft-exchange-rce-vulnerability https://www.huntress.com/blog/owassrf-explained-analyzing-the-microsoft-exchange-rce-vulnerability Huntress' analysis of a new exploit chain (called OWASSRF) that can lead to critical remote code execution on unpatched Exchange hosts. 2022-12-29T00:00:00Z https://www.huntress.com/blog/using-shodan-images-to-hunt-down-ransomware-groups https://www.huntress.com/blog/using-shodan-images-to-hunt-down-ransomware-groups In this blog, we’re going to focus on how Shodan helps us unveil some of the infrastructure that supports ransomware actors. 2022-12-20T00:00:00Z https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity https://www.huntress.com/blog/clearing-the-air-overblown-claims-of-vulnerabilities-exploits-severity Our team has been tracking conversations surrounding ConnectWise Control vulnerabilities and alleged exploitation. We politely disagree with the threat and criticality presented by the security researcher. 2022-12-14T00:00:00Z https://www.huntress.com/blog/the-value-of-managed-edr-for-the-modern-msp https://www.huntress.com/blog/the-value-of-managed-edr-for-the-modern-msp Our partners at Clear Guidance Partners experienced the value of our EDR capabilities in real-time, pitting them against an active ransomware attack. 2022-12-13T00:00:00Z https://www.huntress.com/blog/defense-evasion-defenders-strike-back https://www.huntress.com/blog/defense-evasion-defenders-strike-back In the last blog of our defense evasion series, we'll cover granular advice for monitoring and detecting defense evasion. 2022-12-06T00:00:00Z https://www.huntress.com/blog/incident-response-choose-your-own-adventure-exercise https://www.huntress.com/blog/incident-response-choose-your-own-adventure-exercise Incident response is a lot like a choose your own adventure exercise. We cover the ground rules and talk about some incidents we’ve helped partners with. 2022-11-29T00:00:00Z https://www.huntress.com/blog/threat-advisory-qakbot-activity-is-rising https://www.huntress.com/blog/threat-advisory-qakbot-activity-is-rising We're seeing a rise in Qakbot activity. Here's what you need to know to keep your environments safe. 2022-11-22T00:00:00Z https://www.huntress.com/blog/tradecraft-shenanigans-and-spice-hack-it-2022-recap https://www.huntress.com/blog/tradecraft-shenanigans-and-spice-hack-it-2022-recap hack_it 2022 was jam-packed with hacker tradecraft, shady shenanigans, and—as always—a little spice. Check out our favorite moments and highlights! 2022-11-17T00:00:00Z https://www.huntress.com/blog/do-you-have-a-security-hygiene-checklist-in-place https://www.huntress.com/blog/do-you-have-a-security-hygiene-checklist-in-place A strong security foundation is the cornerstone of any MSP’s success. Learn how to build this foundation—even if you're new to cybersecurity. 2022-11-15T00:00:00Z https://www.huntress.com/blog/creating-macos-ransomware https://www.huntress.com/blog/creating-macos-ransomware With the beta release of the Huntress macOS agent, we wanted to share some of the Apple-y stuff we’ve been up to behind the scenes. 2022-11-08T00:00:00Z https://www.huntress.com/blog/macos-support-is-here https://www.huntress.com/blog/macos-support-is-here We're excited to announce the general availability of the Huntress macOS agent! And don't worry – Persistent Footholds are just the beginning. 2022-11-01T00:00:00Z https://www.huntress.com/blog/critical-vulnerability-disclosure-connectwise-r1soft-server-backup-manager-remote-code-execution-supply-chain-risks https://www.huntress.com/blog/critical-vulnerability-disclosure-connectwise-r1soft-server-backup-manager-remote-code-execution-supply-chain-risks Huntress has validated an initial report for an authentication bypass and sensitive file leak present in the Java framework “ZK”, used within the ConnectWise R1Soft software Server Backup Manager SE. 2022-10-31T00:00:00Z https://www.huntress.com/blog/clearing-the-air-huntress-myths-and-misconceptions https://www.huntress.com/blog/clearing-the-air-huntress-myths-and-misconceptions We’ve been seeing some misinformation being spread around with regards to the Huntress technology stack/capabilities we possess today. We’re here to provide clarity. 2022-10-27T00:00:00Z https://www.huntress.com/blog/a-cybersecurity-chat-with-syncro https://www.huntress.com/blog/a-cybersecurity-chat-with-syncro Read our webinar recap to learn what Henry Washburn of Huntress and Ian Alexander of Syncro outlined to help MSPs protect SMBs from cybersecurity threats. 2022-10-25T00:00:00Z https://www.huntress.com/blog/making-cybersecurity-accessible-for-women https://www.huntress.com/blog/making-cybersecurity-accessible-for-women We’ve got a problem in cybersecurity that needs to be addressed—and it has to do with accessibility to women. 2022-10-18T00:00:00Z https://www.huntress.com/blog/a-sneak-peek-at-hack-it-2022 https://www.huntress.com/blog/a-sneak-peek-at-hack-it-2022 Our workshop dedicated to hacker tradecraft is back November 14-16. Mark your calendars, sign up today and don't forget your hacker hat! 2022-10-04T00:00:00Z https://www.huntress.com/blog/new-0-day-vulnerabilities-found-in-microsoft-exchange https://www.huntress.com/blog/new-0-day-vulnerabilities-found-in-microsoft-exchange The Huntress team is currently investigating new 0-day vulnerabilities in Microsoft Exchange servers, piggybacking on ProxyShell and ProxyLogon. 2022-09-29T00:00:00Z https://www.huntress.com/blog/bug-bounties-for-the-99 https://www.huntress.com/blog/bug-bounties-for-the-99 Bug bounty programs are everywhere for enterprise organizations. But where does that leave the 99%—those under-resourced small to mid-sized businesses? 2022-09-27T00:00:00Z https://www.huntress.com/blog/back-to-basics-protecting-your-endpoints-with-edr-and-mdr https://www.huntress.com/blog/back-to-basics-protecting-your-endpoints-with-edr-and-mdr Protecting your servers just isn’t enough to keep bad actors out. Protecting the workstation is often an overlooked but critical step to security. 2022-09-20T00:00:00Z https://www.huntress.com/blog/unraveling-a-reverse-shell-with-process-insights https://www.huntress.com/blog/unraveling-a-reverse-shell-with-process-insights Read about our journey to unravel a PowerShell reverse shell—and how our Managed EDR feature tipped us off that something wasn’t right. 2022-09-13T00:00:00Z https://www.huntress.com/blog/checking-the-edr-box-evolving-endpoint-protection-and-the-next-iteration-of-huntress https://www.huntress.com/blog/checking-the-edr-box-evolving-endpoint-protection-and-the-next-iteration-of-huntress Discover how Process Insights brings new managed EDR functionality to The Huntress Managed Security Platform to help you detect cyberattacks as they happen. 2022-08-30T00:00:00Z https://www.huntress.com/blog/how-progressive-computing-combated-a-large-scale-cyberattack https://www.huntress.com/blog/how-progressive-computing-combated-a-large-scale-cyberattack Learn how Progressive Computing fought through a mass-scale attack and came out on the other side scarred, but wiser and stronger. 2022-08-23T00:00:00Z https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy https://www.huntress.com/blog/cleartext-shenanigans-gifting-user-passwords-to-adversaries-with-nppspy We unravel an investigation that details one way threat actors are able to gather cleartext passwords via NPPSPY. 2022-08-16T00:00:00Z https://www.huntress.com/blog/dont-get-schooled-how-to-catch-a-phish https://www.huntress.com/blog/dont-get-schooled-how-to-catch-a-phish This blog explores phishing and smishing, diving into how to analyze text messages for their validity and legitimacy. 2022-08-09T00:00:00Z https://www.huntress.com/blog/huntress-commitment-to-the-cybersecurity-community https://www.huntress.com/blog/huntress-commitment-to-the-cybersecurity-community We founded Huntress with a commitment to elevating the cybersecurity community as a guiding principle. Here are some of the ways we strive to make a difference. 2022-08-02T00:00:00Z https://www.huntress.com/blog/practical-tips-for-conducting-digital-forensics-investigations https://www.huntress.com/blog/practical-tips-for-conducting-digital-forensics-investigations A digital forensics investigation can be tedious. Fortunately, there are some efficient ways that you can still achieve success as an investigator. 2022-07-26T00:00:00Z https://www.huntress.com/blog/behind-the-scenes-crushing-cybercriminals-with-mav https://www.huntress.com/blog/behind-the-scenes-crushing-cybercriminals-with-mav This blog is a follow-up on our How to Crush Cybercriminals with Managed Antivirus webinar. We'll dive deeper through a threat analysis lens. 2022-07-21T00:00:00Z https://www.huntress.com/blog/putting-the-deedee-in-defense-huntress-acquires-curricula https://www.huntress.com/blog/putting-the-deedee-in-defense-huntress-acquires-curricula We're continuing to deliver on our promise to secure the 99% by acquiring Curricula: a story-based security awareness training platform. 2022-07-19T00:00:00Z https://www.huntress.com/blog/introducing-the-huntress-neighborhood-watch-program https://www.huntress.com/blog/introducing-the-huntress-neighborhood-watch-program Learn about Huntress’ Neighborhood Watch Program: a collection of programs and resources designed to help elevate the broader security community. 2022-07-12T00:00:00Z https://www.huntress.com/blog/four-sneaky-attacker-evasion-techniques-you-should-know-about https://www.huntress.com/blog/four-sneaky-attacker-evasion-techniques-you-should-know-about Learn about four of the most prominent attacker evasion techniques that hackers use—and how you can defend your environments against them. 2022-07-05T00:00:00Z https://www.huntress.com/blog/all-in-a-days-work-fighting-log4shell-with-process-insights https://www.huntress.com/blog/all-in-a-days-work-fighting-log4shell-with-process-insights Read how our ThreatOps team used Huntress Managed EDR and Managed Antivirus to stop bad actors who were exploiting Log4Shell vulnerabilities. 2022-06-28T00:00:00Z https://www.huntress.com/blog/diversity-in-security-awareness-training-content https://www.huntress.com/blog/diversity-in-security-awareness-training-content Enhance your organization's security posture with our Diversity Security Awareness Training content. Explore engaging modules designed to foster inclusivity while equipping your team with essential skills to identify and mitigate security threats. 2022-06-22T00:00:00Z https://www.huntress.com/blog/how-to-crush-cybercriminals-with-managed-antivirus https://www.huntress.com/blog/how-to-crush-cybercriminals-with-managed-antivirus Dive into the types of threats we’ve thwarted with Managed Antivirus and how IT teams are seeing more value from making the switch. 2022-06-21T00:00:00Z https://www.huntress.com/blog/scaling-to-protect-the-99 https://www.huntress.com/blog/scaling-to-protect-the-99 Learn about the latest platform changes and updates as Huntress continues to scale to protect the 99%. 2022-06-17T00:00:00Z https://www.huntress.com/blog/triangulation https://www.huntress.com/blog/triangulation This blog dives into triangulation as a guiding concept during investigations and reporting. 2022-06-14T00:00:00Z https://www.huntress.com/blog/recap-navigating-the-nist-cybersecurity-framework https://www.huntress.com/blog/recap-navigating-the-nist-cybersecurity-framework If you follow the NIST cybersecurity framework, you'll ensure that your money is spent on the right areas to build an effective defense strategy. 2022-06-07T00:00:00Z https://www.huntress.com/blog/out-of-sight-top-of-mind-showing-the-hidden-value-of-cybersecurity https://www.huntress.com/blog/out-of-sight-top-of-mind-showing-the-hidden-value-of-cybersecurity It can be difficult to demonstrate the value of cybersecurity when your stack is doing its job. Here is how you can show the hidden value of cybersecurity. 2022-05-31T00:00:00Z https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug A new attack vector enables hackers to more easily compromise users with malicious Microsoft Office documents. 2022-05-30T00:00:00Z https://www.huntress.com/blog/the-mechanics-of-defense-evasion https://www.huntress.com/blog/the-mechanics-of-defense-evasion Continuing our blog series on defense evasion, this blog dives into some practical, real-world examples of defense evasion in action. 2022-05-24T00:00:00Z https://www.huntress.com/blog/how-huntress-protects-smbs https://www.huntress.com/blog/how-huntress-protects-smbs Learn how The Huntress Managed Security Platform is built to equip SMBs with the ability to swiftly and accurately mitigate threats. 2022-05-17T00:00:00Z https://www.huntress.com/blog/huntress-api-is-now-in-public-beta https://www.huntress.com/blog/huntress-api-is-now-in-public-beta Read about our latest addition, API, and how it enables MSPs and IT administrators to monitor, manage and maintain their cybersecurity stack how they want. 2022-05-16T00:00:00Z https://www.huntress.com/blog/evicting-the-adversary https://www.huntress.com/blog/evicting-the-adversary This blog shows how to catch an adversary moving from machine to machine, how to terminate this movement and how to evict the adversary from your network. 2022-05-10T00:00:00Z https://www.huntress.com/blog/one-year-later-lessons-learned-from-the-colonial-pipeline-cyberattack https://www.huntress.com/blog/one-year-later-lessons-learned-from-the-colonial-pipeline-cyberattack We recap some of the lessons we have learned over the past year thanks to the Colonial Pipeline attack. 2022-05-05T00:00:00Z https://www.huntress.com/blog/what-is-defense-evasion https://www.huntress.com/blog/what-is-defense-evasion An introduction to defense evasion as an attack tactic. Read on to explore what defense evasion is and why it’s important to understand how it’s used. 2022-05-03T00:00:00Z https://www.huntress.com/blog/bring-your-own-command-control-byoc2 https://www.huntress.com/blog/bring-your-own-command-control-byoc2 Sometimes hackers can be overly confident in their malware. Take a journey with us through a malware sample that contains no obfuscation whatsoever. 2022-04-26T00:00:00Z https://www.huntress.com/blog/breaking-down-the-nist-cybersecurity-framework https://www.huntress.com/blog/breaking-down-the-nist-cybersecurity-framework A comprehensive guide to the NIST cybersecurity framework, its five main functions and how you can use the NIST framework to improve your cybersecurity posture. 2022-04-14T00:00:00Z https://www.huntress.com/blog/how-huntress-can-complement-not-complicate-your-security-stack https://www.huntress.com/blog/how-huntress-can-complement-not-complicate-your-security-stack Learn why Huntress is built to complement—not complicate—our partners’ daily operations and deliver on our mission to secure the 99%. 2022-04-12T00:00:00Z https://www.huntress.com/blog/product-support-the-huntress-way https://www.huntress.com/blog/product-support-the-huntress-way We explore the third arm of our ThreatOps team—Support—and dive into how the team operates. 2022-04-05T00:00:00Z https://www.huntress.com/blog/whats-your-backup-plan https://www.huntress.com/blog/whats-your-backup-plan This year for World Backup Day, we’ve asked our friends and backup/disaster recovery experts at Servosity to share their best “backup” tips. 2022-03-31T00:00:00Z https://www.huntress.com/blog/a-day-in-the-life-of-a-security-researcher https://www.huntress.com/blog/a-day-in-the-life-of-a-security-researcher Take a behind-the-scenes look at what our security researchers do in this Q&A session. 2022-03-29T00:00:00Z https://www.huntress.com/blog/a-day-in-the-life-of-a-threat-analyst https://www.huntress.com/blog/a-day-in-the-life-of-a-threat-analyst Hop behind the proverbial shoulders of one of our ThreatOps analysts and vicariously experience a day in his life. 2022-03-22T00:00:00Z https://www.huntress.com/blog/what-is-endpoint-detection-and-response https://www.huntress.com/blog/what-is-endpoint-detection-and-response What is endpoint detection and response (EDR) and why is it important? Dive into what EDR is, its history and what to look for in EDR solutions today. 2022-03-15T00:00:00Z https://www.huntress.com/blog/ending-the-culture-of-silence-in-cyber-security https://www.huntress.com/blog/ending-the-culture-of-silence-in-cyber-security Learn how to break the silence in cybersecurity culture and promote open communication to enhance your organization's security posture. 2022-03-14T00:00:00Z https://www.huntress.com/blog/an-inside-look-at-huntress-platform-vision-and-mission https://www.huntress.com/blog/an-inside-look-at-huntress-platform-vision-and-mission In this blog, we get candid about our view of today’s security space. Plus, we share all the details on how and why we build security products the Huntress way. 2022-03-08T00:00:00Z https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood https://www.huntress.com/blog/targeted-apt-activity-babyshark-is-out-for-blood We discovered malicious, targeted advanced persistent threat (APT) activity on a partner's system. Here, we dive into the BABYSHARK malware strain. 2022-03-01T00:00:00Z https://www.huntress.com/blog/nerc-cip-cyber-security-awareness-program https://www.huntress.com/blog/nerc-cip-cyber-security-awareness-program CIP-004 R1 requires a NERC CIP Cyber Security Awareness Program for NERC entities. Low Impact Security Awareness Program requirement will also be discussed. 2022-02-22T00:00:00Z https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection https://www.huntress.com/blog/hackers-no-hashing-randomizing-api-hashes-to-evade-cobalt-strike-shellcode-detection Hackers could be outsmarting preventive tools by making trivial changes to default settings. We dive into our research in this blog. 2022-02-16T00:00:00Z https://www.huntress.com/blog/balancing-the-scales-of-cybersecurity-and-insurance https://www.huntress.com/blog/balancing-the-scales-of-cybersecurity-and-insurance As the importance of cybersecurity insurance grows, we examine how insurance policies have influenced cybersecurity stacks and visa versa. 2022-02-09T00:00:00Z https://www.huntress.com/blog/leaving-the-silo-msp-vendors-give-back https://www.huntress.com/blog/leaving-the-silo-msp-vendors-give-back Learn the latest about our initiative with the Dutch Institute for Vulnerability Disclosure and how you can get involved. 2022-02-03T00:00:00Z https://www.huntress.com/blog/what-is-managed-detection-and-response https://www.huntress.com/blog/what-is-managed-detection-and-response What is managed detection and response (MDR) and why is it so important? Dive into the benefits of MDR services and how it can address critical security gaps. 2022-02-01T00:00:00Z https://www.huntress.com/blog/threat-recap-process-insights-trial-by-fire https://www.huntress.com/blog/threat-recap-process-insights-trial-by-fire See how Huntress Managed Endpoint Detection and Response (EDR) helped combat follow-on attacks against VMware Horizon servers in real-time. 2022-01-25T00:00:00Z https://www.huntress.com/blog/a-journey-back-to-the-world-of-msp-security https://www.huntress.com/blog/a-journey-back-to-the-world-of-msp-security Dima Kumets explains why he wanted to make his way back to the world of MSP security—and how he ended up as a Principal Product Manager at Huntress. 2022-01-20T00:00:00Z https://www.huntress.com/blog/a-beginners-guide-to-phishing-simulation-training-for-employees https://www.huntress.com/blog/a-beginners-guide-to-phishing-simulation-training-for-employees Learn the essentials of phishing simulation training with our beginner's guide. Protect your organization by simulating real phishing attacks. 2022-01-19T00:00:00Z https://www.huntress.com/blog/hot-takes-and-cyber-predictions-for-2022 https://www.huntress.com/blog/hot-takes-and-cyber-predictions-for-2022 What cybersecurity trends will we see in this new year? In this blog, we share some hot takes and predictions for 2022. 2022-01-18T00:00:00Z https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike https://www.huntress.com/blog/cybersecurity-advisory-vmware-horizon-servers-actively-being-hit-with-cobalt-strike Huntress is monitoring an incident in which VMware Horizon Servers are being hit with Cobalt Strike. Read our up-to-date blog to learn more. 2022-01-15T00:00:00Z https://www.huntress.com/blog/ransomware-canaries-a-2022-update https://www.huntress.com/blog/ransomware-canaries-a-2022-update Read about the exciting new updates to our Ransomware Canaries service. 2022-01-14T00:00:00Z https://www.huntress.com/blog/huntress-donates-100000-to-divd-bug-bounty-program https://www.huntress.com/blog/huntress-donates-100000-to-divd-bug-bounty-program We believe it’s time for MSP vendors to level up cybersecurity community efforts, so we’re taking the first step with a $100,000 contribution to DIVD. 2022-01-11T00:00:00Z https://www.huntress.com/blog/2021-in-review-and-other-horror-stories https://www.huntress.com/blog/2021-in-review-and-other-horror-stories We recap some of the cybersecurity trends and events in 2021 to prepare for the new year. 2022-01-05T00:00:00Z https://www.huntress.com/blog/making-the-switch-to-huntress-managed-antivirus-partner-perspectives https://www.huntress.com/blog/making-the-switch-to-huntress-managed-antivirus-partner-perspectives Our partners at United Systems and F1 Solutions talk about their respective journeys with our Managed Microsoft Defender solution. 2021-12-21T00:00:00Z https://www.huntress.com/blog/texas-hb-3834-cyber-security-awareness-training-requirements https://www.huntress.com/blog/texas-hb-3834-cyber-security-awareness-training-requirements Here's how to meet the Texas HB 3834 compliance requirement for a cybersecurity awareness training program for all contractors and employees. 2021-12-20T00:00:00Z https://www.huntress.com/blog/the-year-from-hell-plus-log4shell-a-tradecraft-tuesday-recap https://www.huntress.com/blog/the-year-from-hell-plus-log4shell-a-tradecraft-tuesday-recap We recap our December 2021 episode of Tradecraft Tuesday where we dive into the Log4Shell vulnerability. 2021-12-17T00:00:00Z https://www.huntress.com/blog/ditching-fud-for-fun-in-security-awareness-training https://www.huntress.com/blog/ditching-fud-for-fun-in-security-awareness-training Learn how to make security awareness training enjoyable and effective by ditching fear, uncertainty, and doubt (FUD) in the Huntress Blog. 2021-12-14T00:00:00Z https://www.huntress.com/blog/critical-rce-vulnerability-log4j-cve-2021-44228 https://www.huntress.com/blog/critical-rce-vulnerability-log4j-cve-2021-44228 Our team is currently investigating CVE-2021-44228, a critical vulnerability that’s affecting a Java logging package. 2021-12-10T00:00:00Z https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java https://www.huntress.com/blog/rapid-response-critical-rce-vulnerability-is-affecting-java Read about how our team investigated CVE-2021-44228, a critical vulnerability that was affecting a Java logging package. 2021-12-10T00:00:00Z https://www.huntress.com/blog/dollars-and-sense-the-true-value-of-a-human-threatops-team https://www.huntress.com/blog/dollars-and-sense-the-true-value-of-a-human-threatops-team Automation is great—but when it comes to threat detection and analysis, it doesn’t replace the need for human expertise. 2021-12-07T00:00:00Z https://www.huntress.com/blog/is-there-a-right-way-to-set-up-two-factor-authentication https://www.huntress.com/blog/is-there-a-right-way-to-set-up-two-factor-authentication In this blog, we aim to answer the question: how easy is it for hackers to circumvent two-factor authentication? We look at their tricks to learn the best way to set up 2FA. 2021-11-30T00:00:00Z https://www.huntress.com/blog/investigating-unauthorized-access-huntress-qa-environment-incident https://www.huntress.com/blog/investigating-unauthorized-access-huntress-qa-environment-incident Learn about our investigation regarding unauthorized access to our QA and product testing environment. 2021-11-17T00:00:00Z https://www.huntress.com/blog/how-ransomware-works-and-why-its-a-hacker-favorite https://www.huntress.com/blog/how-ransomware-works-and-why-its-a-hacker-favorite Ransomware marks a lucrative business in today’s cyber-driven world. Learn more about ransomware and why it’s a favorite among hackers. 2021-11-09T00:00:00Z https://www.huntress.com/blog/top-tips-and-takeaways-from-hack-it-2021-2 https://www.huntress.com/blog/top-tips-and-takeaways-from-hack-it-2021-2 It’s amazing what you can learn by thinking like a hacker! We share our top tips and takeaways from our third hack_it security training event. 2021-11-02T00:00:00Z https://www.huntress.com/blog/vulnerabilities-and-information-disclosure-in-msp-survey-software https://www.huntress.com/blog/vulnerabilities-and-information-disclosure-in-msp-survey-software We discovered an information disclosure vulnerability in survey software designed for MSPs. We detail how we worked with the Crewhu team to responsibly disclose and remedy the vulnerability. 2021-10-28T00:00:00Z https://www.huntress.com/blog/evolving-the-hunt-host-isolation-for-smarter-defense https://www.huntress.com/blog/evolving-the-hunt-host-isolation-for-smarter-defense Learn about Host Isolation, a new feature that's just been added to The Huntress Security Platform. 2021-10-26T00:00:00Z https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware Huntress discovered threat actors abusing a blind SQL injection vulnerability in BillQuick Web Suite. Follow our analysis and latest findings in this blog. 2021-10-22T00:00:00Z https://www.huntress.com/blog/new-faces-and-features-to-help-you-evolve-the-hunt https://www.huntress.com/blog/new-faces-and-features-to-help-you-evolve-the-hunt Learn about Huntress’ newest platform and service updates, including Managed Antivirus, Host Isolation and 24/7 ThreatOps coverage. 2021-10-12T00:00:00Z https://www.huntress.com/blog/managed-antivirus-is-here https://www.huntress.com/blog/managed-antivirus-is-here After months of rigorous beta testing, we’re excited to announce the addition of our Managed Antivirus service to the Huntress Security Platform. 2021-10-06T00:00:00Z https://www.huntress.com/blog/top-4-tips-for-cybersecurity-awareness-month https://www.huntress.com/blog/top-4-tips-for-cybersecurity-awareness-month In honor of National Cybersecurity Awareness Month, here are four critical tips to help you take both your cybersecurity hygiene and knowledge up a notch. 2021-10-05T00:00:00Z https://www.huntress.com/blog/free-training-tool-for-unlocked-computers https://www.huntress.com/blog/free-training-tool-for-unlocked-computers Teach employees not to leave computers unlocked with this tool by Huntress, the fun cyber security awareness training provider. 2021-10-04T00:00:00Z https://www.huntress.com/blog/learn-to-think-like-a-hacker-at-hack-it-2021-2 https://www.huntress.com/blog/learn-to-think-like-a-hacker-at-hack-it-2021-2 Do you have what it takes to hack_it? Read on for a sneak peek into our upcoming hack_it event and how it can help you better understand how hackers use their skills against you. 2021-09-29T00:00:00Z https://www.huntress.com/blog/the-top-four-cves-attackers-exploit https://www.huntress.com/blog/the-top-four-cves-attackers-exploit Learn about the top four Common Vulnerabilities and Exposures (CVEs) attackers are exploiting—and how you can defend against them. 2021-09-21T00:00:00Z https://www.huntress.com/blog/should-we-be-playing-offense-or-defense-in-cybersecurity https://www.huntress.com/blog/should-we-be-playing-offense-or-defense-in-cybersecurity In this blog, we debate which is the best approach for IT professionals to beat hackers: offensive cybersecurity or defensive cybersecurity. 2021-09-14T00:00:00Z https://www.huntress.com/blog/cybersecurity-advisory-hackers-are-exploiting-cve-2021-40444 https://www.huntress.com/blog/cybersecurity-advisory-hackers-are-exploiting-cve-2021-40444 Huntress is monitoring a new threat against Windows OS and Microsoft Office products (CVE-2021-40444). The MSHTML engine is vulnerable to arbitrary code execution. 2021-09-09T00:00:00Z https://www.huntress.com/blog/malware-deep-dive-investigating-a-foothold-and-uncovering-the-payload https://www.huntress.com/blog/malware-deep-dive-investigating-a-foothold-and-uncovering-the-payload In this blog, read along as we investigate a malicious foothold and decode the payload step by step. 2021-09-07T00:00:00Z https://www.huntress.com/blog/proxyshell-vs-proxylogon-whats-the-difference https://www.huntress.com/blog/proxyshell-vs-proxylogon-whats-the-difference We clarify the differences between the ProxyShell (August 2021) and the ProxyLogon (March 2021) exploits impacting Microsoft Exchange on-premises servers. 2021-08-26T00:00:00Z https://www.huntress.com/blog/bullseye-a-story-of-a-targeted-cyberattack https://www.huntress.com/blog/bullseye-a-story-of-a-targeted-cyberattack Dive into a cyber threat analysis that details a sneaky enabler of a targeted cyberattack: persistence. 2021-08-24T00:00:00Z https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit Attackers are scanning for vulnerable Microsoft Exchange servers and abusing the latest line of Exchange vulnerabilities that were patched in early 2021. 2021-08-19T00:00:00Z https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader https://www.huntress.com/blog/snakes-on-a-domain-an-analysis-of-a-python-malware-loader Join us on a threat analysis journey as we discover a very shady Python—and a very friendly RAT. 2021-08-17T00:00:00Z https://www.huntress.com/blog/a-brief-evolution-of-hacker-tradecraft https://www.huntress.com/blog/a-brief-evolution-of-hacker-tradecraft What can we learn from studying cybercriminals? Here’s a brief history of how hackers are evolving their tradecraft and attack tactics. 2021-08-11T00:00:00Z https://www.huntress.com/blog/breaking-down-the-cost-of-cybersecurity https://www.huntress.com/blog/breaking-down-the-cost-of-cybersecurity Learn about the costs of cybersecurity—and the risks of not having the right security stack—in this blog. 2021-08-05T00:00:00Z https://www.huntress.com/blog/a-recap-of-events-and-lessons-learned-during-the-kaseya-vsa-supply-chain-attack https://www.huntress.com/blog/a-recap-of-events-and-lessons-learned-during-the-kaseya-vsa-supply-chain-attack The Huntress team recaps what happened during the Kaseya VSA supply chain attack—and what we can learn from it. 2021-07-28T00:00:00Z https://www.huntress.com/blog/the-age-of-rapid-response-managed-detection-and-response https://www.huntress.com/blog/the-age-of-rapid-response-managed-detection-and-response We teamed up with our partners at Magna5 to talk about providing real-time prevention, detection and response. 2021-07-26T00:00:00Z https://www.huntress.com/blog/why-persistence-is-a-staple-for-todays-hackers https://www.huntress.com/blog/why-persistence-is-a-staple-for-todays-hackers Learn how hackers use persistence to gain—and keep—access to your virtual environments. 2021-07-21T00:00:00Z https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident https://www.huntress.com/blog/security-researchers-hunt-to-discover-origins-of-the-kaseya-vsa-mass-ransomware-incident Our Security Researchers discuss how hackers executed the Kaseya VSA supply chain attack—and why the blast radius of the incident was relatively limited. 2021-07-20T00:00:00Z https://www.huntress.com/blog/experts-weigh-in-on-the-state-of-email-based-threats https://www.huntress.com/blog/experts-weigh-in-on-the-state-of-email-based-threats Cybersecurity experts John Hammond and Sébastien Goutal provide insider insight on the current state of phishing, ransomware and email-based attacks. 2021-07-14T00:00:00Z https://www.huntress.com/blog/the-huntress-vsa-vaccine-acting-like-hackers-to-protect-our-partners https://www.huntress.com/blog/the-huntress-vsa-vaccine-acting-like-hackers-to-protect-our-partners In this blog, we share details on the vaccine Huntress deployed to our partners to protect them from being infected by the Kaseya VSA ransomware attack. 2021-07-13T00:00:00Z https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident Huntress is tracking a critical ransomware incident affecting MSPs and their customers, caused by a sophisticated Kaseya VSA supply chain attack. 2021-07-03T00:00:00Z https://www.huntress.com/blog/critical-vulnerability-printnightmare-exposes-windows-servers-to-remote-code-execution https://www.huntress.com/blog/critical-vulnerability-printnightmare-exposes-windows-servers-to-remote-code-execution Huntress is aware of PrintNightmare, a critical RCE and local privilege escalation vulnerability. This serious security flaw affects many Windows servers. 2021-06-30T00:00:00Z https://www.huntress.com/blog/reducing-cyber-risk-and-liability-with-managed-threat-detection https://www.huntress.com/blog/reducing-cyber-risk-and-liability-with-managed-threat-detection Providing cybersecurity services involves some risk and liability. Learn why managed detection and response could be the key to lowering your cyber risk. 2021-06-22T00:00:00Z https://www.huntress.com/blog/threatops-analysis-keyed-malware https://www.huntress.com/blog/threatops-analysis-keyed-malware Dive into a threat analysis with us as we dissect a PowerShell command with an environmentally keyed malware payload. 2021-06-15T00:00:00Z https://www.huntress.com/blog/creating-a-better-why-for-cyber-security-awareness-training https://www.huntress.com/blog/creating-a-better-why-for-cyber-security-awareness-training Understand the importance of cybersecurity awareness training and how it can significantly reduce risks in your organization. 2021-06-15T00:00:00Z https://www.huntress.com/blog/how-are-hackers-sneaking-past-your-automated-systems https://www.huntress.com/blog/how-are-hackers-sneaking-past-your-automated-systems Today’s hackers know how to outsmart automation and evade detection. Learn how managed threat detection and response can help you fight back. 2021-06-09T00:00:00Z https://www.huntress.com/blog/discovering-a-ransomware-remedy-in-the-wild https://www.huntress.com/blog/discovering-a-ransomware-remedy-in-the-wild Our ThreatOps team details stumbling across Raccine, a ransomware remedy that works by hooking onto IFEO debuggers, for the first time. 2021-06-08T00:00:00Z https://www.huntress.com/blog/how-a-college-student-lost-10-000-to-the-irs https://www.huntress.com/blog/how-a-college-student-lost-10-000-to-the-irs In this testimonial, learn firsthand from one of our Security Awareness Consultants at Curricula about how a fake IRS phishing scam worked on one student. 2021-06-03T00:00:00Z https://www.huntress.com/blog/endpoint-protection-promises-vs-reality https://www.huntress.com/blog/endpoint-protection-promises-vs-reality An in-depth look at the differences between AV, NGAV and EDR. We’ll explore the promises endpoint protection tools make vs. their ability to keep them. 2021-06-01T00:00:00Z https://www.huntress.com/blog/understanding-your-smb-clients-cybersecurity-needs https://www.huntress.com/blog/understanding-your-smb-clients-cybersecurity-needs SMBs need more advanced cybersecurity. Learn about the tools you need to help guide your clients toward better threat detection and response. 2021-05-27T00:00:00Z https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware https://www.huntress.com/blog/cobalt-strike-analysis-of-obfuscated-malware Join us for a threat hunting adventure as we analyze a suspicious run key that leads us to Cobalt Strike malware hidden across nearly 700 registry values. 2021-05-25T00:00:00Z https://www.huntress.com/blog/cybersecurity-insurance-perspective-on-ransomware https://www.huntress.com/blog/cybersecurity-insurance-perspective-on-ransomware Explore the impact of ransomware on cybersecurity insurance. Learn how insurance providers are adapting and what organizations need to know to stay protected. 2021-05-25T00:00:00Z https://www.huntress.com/blog/7-takeaways-from-the-34-page-executive-order-on-improving-the-nations-cybersecurity https://www.huntress.com/blog/7-takeaways-from-the-34-page-executive-order-on-improving-the-nations-cybersecurity President Biden signed a 34-page Executive Order aimed at strengthening the nation’s cybersecurity standards. Here are the top seven takeaways. 2021-05-18T00:00:00Z https://www.huntress.com/blog/whats-the-real-cost-of-cybersecurity-for-your-smb-clients https://www.huntress.com/blog/whats-the-real-cost-of-cybersecurity-for-your-smb-clients As hackers get smarter, you must evolve your approach to threat detection and response. Learn how to protect your clients with threat intelligence tools. 2021-05-12T00:00:00Z https://www.huntress.com/blog/huntress-series-b-our-next-chapter-of-growth https://www.huntress.com/blog/huntress-series-b-our-next-chapter-of-growth We’ve been focused on expanding our platform and helping you better protect your customers. And we’re just getting started. 2021-05-06T00:00:00Z https://www.huntress.com/blog/from-powershell-to-payload-an-analysis-of-weaponized-malware https://www.huntress.com/blog/from-powershell-to-payload-an-analysis-of-weaponized-malware In this blog, we look at some malicious PowerShell code breadcrumbs that one hacker left behind to unravel how they maintained access during a cyberattack. 2021-05-04T00:00:00Z https://www.huntress.com/blog/scale-your-security-operations-with-confidence https://www.huntress.com/blog/scale-your-security-operations-with-confidence Are you ready to scale your MSP or SMB? Level up your threat detection and response so you can focus on what's important: your business. 2021-04-29T00:00:00Z https://www.huntress.com/blog/emerging-cybersecurity-trends-that-may-impact-your-smb-clients https://www.huntress.com/blog/emerging-cybersecurity-trends-that-may-impact-your-smb-clients Keep your MSP armed and ready for attacks, hacks and data breaches with the latest trends in cybersecurity. 2021-04-13T00:00:00Z https://www.huntress.com/blog/what-is-a-persistent-foothold https://www.huntress.com/blog/what-is-a-persistent-foothold We hunt for persistent footholds, but what exactly does that mean? In this blog, we define what a foothold is and why it's a hacker favorite. 2021-04-06T00:00:00Z https://www.huntress.com/blog/top-takeaways-from-hack-it-2021 https://www.huntress.com/blog/top-takeaways-from-hack-it-2021 A recap of hack_it 2021, a virtual security training event packed with interactive exercises, malware analysis, hacking workshops and more. 2021-03-31T00:00:00Z https://www.huntress.com/blog/how-hackers-exploit-windows-administrative-shares https://www.huntress.com/blog/how-hackers-exploit-windows-administrative-shares Windows' administrative shares feature is often overlooked by users, but not by hackers. Learn how attackers abuse administrative shares to propagate. 2021-03-23T00:00:00Z https://www.huntress.com/blog/abusing-ngrok-hackers-at-the-end-of-the-tunnel https://www.huntress.com/blog/abusing-ngrok-hackers-at-the-end-of-the-tunnel At the end of this tunnel, we find some shady hackers using ngrok to gain remote control access to victim networks. 2021-03-16T00:00:00Z https://www.huntress.com/blog/peeling-back-the-layers-of-net-malware https://www.huntress.com/blog/peeling-back-the-layers-of-net-malware Hackers always try to cover up their tracks. In this blog, we step through layers of obfuscation to uncover the real intent of a .NET malware sample. 2021-03-09T00:00:00Z https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers https://www.huntress.com/blog/rapid-response-mass-exploitation-of-on-prem-exchange-servers On-prem Microsoft Exchange Server vulnerabilities are being actively exploited in the wild. Read our blog for Huntress' most up-to-date research and IOCs. 2021-03-03T00:00:00Z https://www.huntress.com/blog/what-is-human-powered-threat-hunting https://www.huntress.com/blog/what-is-human-powered-threat-hunting In this blog, we define what threat hunting is, the differences between human analysis and automation, plus an example of human-powered threat hunting. 2021-03-02T00:00:00Z https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack https://www.huntress.com/blog/zero-day-vulnerabilities-in-popular-event-management-platforms-could-leave-msps-open-to-attack We unveil zero-day vulnerabilities we discovered in virtual event platforms used in MSP/Fortune 500 communities, plus some insight on supply chain attacks. 2021-02-23T00:00:00Z https://www.huntress.com/blog/cybersecurity-education-the-key-to-outsmarting-hackers https://www.huntress.com/blog/cybersecurity-education-the-key-to-outsmarting-hackers In cybersecurity, education and training are the key to winning. Read our blog to learn how you can grow your skills through continuous security education. 2021-02-16T00:00:00Z https://www.huntress.com/blog/malware-deep-dive-examining-a-powershell-payload https://www.huntress.com/blog/malware-deep-dive-examining-a-powershell-payload To avoid detection, hackers often turn a system’s own tools against itself. Here, we examine a malicious payload that was executed using PowerShell. 2021-02-09T00:00:00Z https://www.huntress.com/blog/huntress-service-managed-antivirus https://www.huntress.com/blog/huntress-service-managed-antivirus Read about Huntress’ Managed Antivirus service and how it enables MSPs and IT admins to strengthen endpoint protection and rebalance their cyber stack. 2021-01-26T00:00:00Z https://www.huntress.com/blog/why-microsoft-defender-antivirus-is-worth-another-look https://www.huntress.com/blog/why-microsoft-defender-antivirus-is-worth-another-look Microsoft Defender Antivirus is among one of the leading antivirus contenders. Here’s why it’s worth taking another look at Defender AV. 2021-01-19T00:00:00Z https://www.huntress.com/blog/malware-under-the-microscope-manual-analysis https://www.huntress.com/blog/malware-under-the-microscope-manual-analysis Learn manual malware analysis techniques used by threat researchers. Explore static & dynamic analysis, reverse engineering tools, and real-world investigation methods. 2021-01-12T00:00:00Z https://www.huntress.com/blog/redefining-beta https://www.huntress.com/blog/redefining-beta At Huntress, beta means learning. Our goal is to accelerate and streamline security defense, which means releasing what we’re working on often. 2020-12-29T00:00:00Z https://www.huntress.com/blog/top-hacker-tradecraft-that-caught-our-eye-in-2020 https://www.huntress.com/blog/top-hacker-tradecraft-that-caught-our-eye-in-2020 We take a look back at some of the more interesting — and innovative — hacker tradecraft we saw over the course of 2020. 2020-12-22T00:00:00Z https://www.huntress.com/blog/annual-security-awareness-training-is-a-waste-of-time https://www.huntress.com/blog/annual-security-awareness-training-is-a-waste-of-time Annual security awareness training is a waste of time. We discuss why an ongoing security awareness program is required to protect against cyber threats. 2020-12-17T00:00:00Z https://www.huntress.com/blog/rapid-response-supply-chain-exploitation-of-solarwinds-orion-software https://www.huntress.com/blog/rapid-response-supply-chain-exploitation-of-solarwinds-orion-software Huntress covers the breaking news about Solarwinds’ Orion platform being exploited as part of a coordinated attack to distribute malware. 2020-12-14T00:00:00Z https://www.huntress.com/blog/rapid-response-trickboot https://www.huntress.com/blog/rapid-response-trickboot TrickBot has unleashed yet another module in its growing arsenal specifically targeting firmware vulnerabilities, named TrickBoot. 2020-12-02T00:00:00Z https://www.huntress.com/blog/i-have-a-lot-to-be-thankful-for-in-2020 https://www.huntress.com/blog/i-have-a-lot-to-be-thankful-for-in-2020 Huntress CEO Kyle Hanslovan has a lot to be thankful for in 2020 — and it starts with the MSP community. 2020-11-27T00:00:00Z https://www.huntress.com/blog/tried-and-true-hacker-technique-dos-obfuscation https://www.huntress.com/blog/tried-and-true-hacker-technique-dos-obfuscation In this blog, we dissect a sample of malware that makes clever use of batch scripting obfuscation—turns out it was a launcher for TrickBot! 2020-11-24T00:00:00Z https://www.huntress.com/blog/huntress-service-partner-enablement https://www.huntress.com/blog/huntress-service-partner-enablement Even the best cybersecurity tools won’t configure and sell themselves. That's why we're thrilled to introduce a new Huntress service: Partner Enablement! 2020-11-18T00:00:00Z https://www.huntress.com/blog/cybersecurity-lessons-we-learned-from-hack-it-2020 https://www.huntress.com/blog/cybersecurity-lessons-we-learned-from-hack-it-2020 A recap of hack_it 2020, a virtual security training event packed with interactive exercises, malware research and analysis, and more. 2020-10-22T00:00:00Z https://www.huntress.com/blog/phishing-office-365-and-the-commercialization-of-cybercrime https://www.huntress.com/blog/phishing-office-365-and-the-commercialization-of-cybercrime Hackers getting better at their tradecraft and their skills are becoming more and more accessible to other bad actors via the Dark Web. 2020-09-17T00:00:00Z https://www.huntress.com/blog/hiding-in-plain-sight-part-2 https://www.huntress.com/blog/hiding-in-plain-sight-part-2 As a follow-up to our previous post, we recently uncovered a really peculiar piece of malware that works through a lot of different layers of abstraction. 2020-08-20T00:00:00Z https://www.huntress.com/blog/huntress-service-external-recon https://www.huntress.com/blog/huntress-service-external-recon Read about the value of Huntress' External Recon service, which highlights open ports and services that are exposed to the Internet. 2020-07-21T00:00:00Z https://www.huntress.com/blog/huntress-service-ransomware-canaries https://www.huntress.com/blog/huntress-service-ransomware-canaries Read about the value of Huntress' Ransomware Canaries service, a mechanism to deliver faster detection of a ransomware incident. 2020-06-24T00:00:00Z https://www.huntress.com/blog/evolving-the-hunt https://www.huntress.com/blog/evolving-the-hunt At Huntress, our goal is not only to chase after changing threats but to remove obstacles that get in the way of new security innovation. 2020-06-22T00:00:00Z https://www.huntress.com/blog/hiding-in-plain-sight https://www.huntress.com/blog/hiding-in-plain-sight There’s no end to the stealthy ways in which attackers develop and execute their tradecraft. In this case, it's as simple as hiding in plain sight. 2020-06-18T00:00:00Z https://www.huntress.com/blog/the-impact-of-data-breaches-on-our-society https://www.huntress.com/blog/the-impact-of-data-breaches-on-our-society How do we calculate the total impact of a data breach? Visit the Huntress Blog to learn more about how cyber security awareness training can help to mitigate risk. 2020-06-12T00:00:00Z https://www.huntress.com/blog/how-one-criminal-attempted-to-sell-an-msp-on-the-dark-web https://www.huntress.com/blog/how-one-criminal-attempted-to-sell-an-msp-on-the-dark-web In a rare encounter, we found ourselves directly interacting with a cybercriminal that took us down a dark web rabbit hole. 2020-02-04T00:00:00Z https://www.huntress.com/blog/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5 https://www.huntress.com/blog/validating-the-solarwinds-n-central-dumpster-diver-vulnerability-5e3a045982e5 Read more about Huntress validating the SolarWinds N-central “Dumpster Diver” Vulnerability. 2020-01-24T16:00:00Z https://www.huntress.com/blog/validating-the-bishop-fox-findings-in-connectwise-control https://www.huntress.com/blog/validating-the-bishop-fox-findings-in-connectwise-control The Huntress team validates eight vulnerabilities found in ConnectWise Control that ranged from low to high severity. 2020-01-22T00:00:00Z https://www.huntress.com/blog/assisted-remediation-in-action https://www.huntress.com/blog/assisted-remediation-in-action Learn how Huntress helped an MSP partner contain and remediate an Emotet/TrickBot infection with Assisted Remediation. 2019-11-15T00:00:00Z https://www.huntress.com/blog/huntress-development-updating-the-updater-e6ed9718a2a9 https://www.huntress.com/blog/huntress-development-updating-the-updater-e6ed9718a2a9 If you’ve ever taken a look inside the Huntress Agent directory you may have noticed the file wyUpdate.exe. 2019-10-03T15:00:00Z https://www.huntress.com/blog/keeping-up-with-bluekeep-d0676b976841 https://www.huntress.com/blog/keeping-up-with-bluekeep-d0676b976841 Remote Desktop Services (RDS) benefit employees and IT administrators alike. With employees often working from anywhere, remote desktop reduces the physical burden of carrying a work laptop home 🏠. It also makes updating and managing systems easier, which can alleviate the administrative burden when handling a large network. 2019-06-04T16:00:00Z https://www.huntress.com/blog/deep-dive-a-lnk-in-the-chain-6c0d1072160d https://www.huntress.com/blog/deep-dive-a-lnk-in-the-chain-6c0d1072160d Read this blog to learn more about what the Huntress team discovered with LNK. 2019-05-30T17:00:00Z https://www.huntress.com/blog/incident-education-sales-ammo-for-the-it-arsenal-fea784026fe8 https://www.huntress.com/blog/incident-education-sales-ammo-for-the-it-arsenal-fea784026fe8 As a technical founder of a product startup, I’m as anti-FUD as it gets. However, the past three years have taught me how education can be a snake-oil free alternative. 2019-05-16T17:00:00Z https://www.huntress.com/blog/faq-asus-liveupdate-attack-operation-shadowhammer-9fc9c03b2da9 https://www.huntress.com/blog/faq-asus-liveupdate-attack-operation-shadowhammer-9fc9c03b2da9 Periodically, a large scale cybersecurity issue requires “all hands on deck” from the Huntress Team (see WannaCry, Kaseya Cryptominer, GANDGRAB outbreak). The unfolding ASUS Live Update fiasco also happens to be one of those moments. We’ve created this blog is to provide simple answers to a complex supply chain attack affecting global IT Departments. 2019-03-26T05:00:00Z https://www.huntress.com/blog/cve-2017-18362-arbitrary-sql-injection-in-mangeditsync-integration-ba142ff24f4d https://www.huntress.com/blog/cve-2017-18362-arbitrary-sql-injection-in-mangeditsync-integration-ba142ff24f4d A vulnerability was discovered and disclosed in late 2017 that affected the ConnectWise ManagedITSync integration, designed to sync data between the ConnectWise Manage PSA and the Kaseya VSA RMM. 2019-02-08T14:00:00Z https://www.huntress.com/blog/failing-to-revive-autoexec-bat-on-windows-7-10-ca9955177e83 https://www.huntress.com/blog/failing-to-revive-autoexec-bat-on-windows-7-10-ca9955177e83 Does AUTOEXEC.BAT still run on modern Windows? We test Windows 7/10, explore registry persistence, and revisit how attackers maintain access today. 2018-12-30T21:00:00Z https://www.huntress.com/blog/distrusting-symantec-issued-certificates-b8bcb332fd22 https://www.huntress.com/blog/distrusting-symantec-issued-certificates-b8bcb332fd22 Read more about security updates to the Huntress platform. 2018-09-06T20:00:00Z https://www.huntress.com/blog/attackers-abuse-trust-with-indirection-e8addc1ba8f https://www.huntress.com/blog/attackers-abuse-trust-with-indirection-e8addc1ba8f Preventive security products like antivirus have made major strides in their ability to detect malicious behaviors as opposed to weak/static signatures. When implemented properly, these heuristics are capable of discovering even the most cleverly obfuscated routines. But don’t ring the victory bells yet. This cat-and-mouse game is just getting started… 2018-08-16T20:00:00Z https://www.huntress.com/blog/ask-huntress-fake-xps-invoice-leading-to-credential-phishing-page-a79e21e93dc0 https://www.huntress.com/blog/ask-huntress-fake-xps-invoice-leading-to-credential-phishing-page-a79e21e93dc0 Explore this phishing campaign used the age-old “Please remit payment” spiel to lure potential victims into opening the attached file. 2018-07-17T19:00:00Z https://www.huntress.com/blog/understanding-potentially-unwanted-programs-part-i-its-not-always-malware-6383d625265e https://www.huntress.com/blog/understanding-potentially-unwanted-programs-part-i-its-not-always-malware-6383d625265e Regardless of your daily duties, we’ve all encountered annoying ads, unwanted pop-ups, or generically named rogue applications. These nuisances, commonly called Potentially Unwanted Programs (PUP), are often unknowingly installed when downloading free software. 2018-05-29T20:00:00Z https://www.huntress.com/blog/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88 https://www.huntress.com/blog/deep-dive-kaseya-vsa-mining-payload-c0ac839a0e88 For many of us in the Managed Services Provider market, we were rocked with news of a vulnerability in Kaseya’s VSA product. The purpose of this blog is to shine technical light on what the Huntress ThreatOps team observed and analyzed thus far. 2018-01-30T07:00:00Z https://www.huntress.com/blog/huntress-labs-to-host-hands-on-hacking-windows-training-for-msps-at-it-nation-afe8681c1192 https://www.huntress.com/blog/huntress-labs-to-host-hands-on-hacking-windows-training-for-msps-at-it-nation-afe8681c1192 IT Nation 2016 ended on a high note for Huntress Labs as we were named the “Best Newcomer” in the Partner Choice Awards. Now, as this year’s event quickly approaches, we are excited to continue our momentum. 2017-11-07T15:00:00Z https://www.huntress.com/blog/abusing-trusted-applications-with-nested-execution https://www.huntress.com/blog/abusing-trusted-applications-with-nested-execution Recently, my co-founders gave a talk at DerbyCon 7.0 on evading common persistence enumeration tools. Evasion using trusted applications has been a hot topic of discussion within the infosec community and is one of the techniques they covered in their presentation. However, very little discussion exists on why these matter or the steps researchers take to find “hosting” applications. 2017-10-02T13:00:00Z https://www.huntress.com/blog/msp-moment-worming-malware-brings-new-complexities-to-the-threat-landscape-442f3d147acb https://www.huntress.com/blog/msp-moment-worming-malware-brings-new-complexities-to-the-threat-landscape-442f3d147acb Over the past month, the Emotet family of malware has re-emerged as a formidable piece of crimeware, thanks to its new self-propagation techniques (undoubtedly inspired by the success of WannaCry and Petya). 2017-08-25T14:00:00Z https://www.huntress.com/blog/redosdru-encrypting-dll-payloads-to-avoid-on-disk-signatures-c403b3159485 https://www.huntress.com/blog/redosdru-encrypting-dll-payloads-to-avoid-on-disk-signatures-c403b3159485 Dive deep into Redosdru malware analysis, unpacking encrypted DLLs, keylogging behavior, and how Huntress defenders detect and respond. 2017-07-17T17:00:00Z https://www.huntress.com/blog/deep-dive-squashing-an-mssql-attack-a0e1f40f085c https://www.huntress.com/blog/deep-dive-squashing-an-mssql-attack-a0e1f40f085c During the previous MSP Moment, we walked our readers through an incident where our partner, NTConnections, used Huntress to discover a previously undetected breach. In this Deep Drive, we’ll examine the tradecraft used by the attackers to gain access through the database, kill/disable antivirus, download malicious files, and establish a persistent foothold within the network. 2017-07-17T17:00:00Z https://www.huntress.com/blog/security-awareness-training-will-prevent-ransomware https://www.huntress.com/blog/security-awareness-training-will-prevent-ransomware Ransomware security awareness training is the most effective way to prevent a ransomware attack against your organization and its employees. Read more in the Huntress Blog to find out how. 2017-07-05T00:00:00Z https://www.huntress.com/blog/msp-moment-squashing-an-mssql-attack-acc08886f367 https://www.huntress.com/blog/msp-moment-squashing-an-mssql-attack-acc08886f367 When it comes to breaches, it’s hard to find a silver lining when the end result is customer down time, data theft, or damaged reputations. For Managed Service Providers with tens to hundreds (or even thousands) of clients, the stakes are even higher. In this MSP Moment, we’re highlighting how NTConnections, a Washington DC based MSP, responded to a database outage which quickly escalated into an incident response effort. 2017-05-08T18:00:00Z https://www.huntress.com/blog/troubleshooting-procmon-sysmon-v3-32-c4397dc75f50 https://www.huntress.com/blog/troubleshooting-procmon-sysmon-v3-32-c4397dc75f50 When it comes to troubleshooting software errors, analyzing malware samples, or discovering security misconfigurations, the Sysinternals Suite can likely solve your problem. For many IT and Security professionals, this collection of Windows utilities is similar to the Swiss Army knife. 2017-04-25T17:00:00Z https://www.huntress.com/blog/huntress-wins-connectwise-it-nation-partners-choice-award-c8e06f9d6e10 https://www.huntress.com/blog/huntress-wins-connectwise-it-nation-partners-choice-award-c8e06f9d6e10 Huntress wins prestigious award at this year’s largest MSP industry conference, ConnectWise IT Nation, for industry-leading Managed Detection & Response service. 2016-11-21T18:00:00Z https://www.huntress.com/blog/how-do-you-protect-computers-from-attackers-if-youre-not-familiar-with-hacking-techniques-cb1c836f92ce https://www.huntress.com/blog/how-do-you-protect-computers-from-attackers-if-youre-not-familiar-with-hacking-techniques-cb1c836f92ce How do you protect computers from attackers if you’re not familiar with hacking techniques? The historical answer to this question has been antivirus and firewalls. However, the last several years have demonstrated hackers can slip past these preventative technologies and cause devastating results to the victims. 2016-11-14T16:00:00Z https://www.huntress.com/blog/how-my-stubhub-account-got-hacked https://www.huntress.com/blog/how-my-stubhub-account-got-hacked If you have a StubHub account, you are open to a major vulnerability of having your StubHub hacked. Learn more about how you are at risk & how Huntress' Security Awareness Training can help. 2016-04-06T00:00:00Z