From huntress.com
Utilizing ASNs for Hunting & Response | Huntress
Autonomous system numbers are like the address book of the internet, and not every IP address belongs to a “friendly” address. Learn more about how the Huntress Hunt & Response teams utilize ASNs.
on Thu, 10PM
Rapid Response: Samsung MagicINFO 9 Server Flaw | Huntress
Huntress has verified Samsung’s MagicINFO 9 Server (version 21.1050.0) is vulnerable to a publicly available proof-of-concept (PoC). Understand why MagicINFO 9 Server shouldn’t be internet-facing until a patch is applied.
on Wed, 7PM
The 36 Most Common Cyberattacks [2025] | Huntress
Learn about some of the most common cyberattacks, how threat actors access computers and networks, and how to lower future risks.
on May 2
Huntress 2025 Managed ITDR Report | Reports | Huntress
We surveyed 600+ IT security professionals to see how identity-based attacks are affecting businesses, how they’re handling these threats, and what changes they plan to make to their identity protection in the year. The result? The Huntress 2025 Managed ITDR Report.
on Apr 29
Credential Theft: Expanding Your Reach, Pt. II | Huntress
As with many tactics within the MITRE ATT&CK framework, credential theft consists of a number of different techniques. Showing what many of them look like on an endpoint helps other security professionals understand what to look for and how to detect and respond to similar activity.
on Apr 24
Say Hello to Mac Malware | Huntress
In this month’s Tradecraft Tuesday, we talked about how threat actors are fine-tuning their macOS malware in order to maintain persistent access and avoid detection by Apple’s security features.
on Apr 22
Tales of Too Many RMMs | Huntress
In a highly interconnected world, remote monitoring and management (RMM) tools are critical to reducing cost and increasing efficiencies. However, these tools pose challenges and even significant risk if not properly managed.
on Apr 17
Why App Allowlisting and Zero Trust Solutions Alone Won’t Save You | Huntress
App Allowlisting is a good preventative software tool, but it's not enough. Learn why a layered security approach with detection and response is crucial to protect against today's cyber threats.
on Apr 16
Huntress has observed in the wild exploitation against CVE-2025-30406, a weakness due to hardcoded cryptographic keys.
on Apr 14
How EDR and ITDR Elevate Your Security | Huntress
Threat actors are now exploiting both endpoints and identities in the latest cyberattacks. Learn about the rise of identity-based threats and why a combined EDR and ITDR approach is crucial for your cybersecurity.
on Apr 9
Credential Theft: Expanding Your Reach | Huntress
Threat actors compromise endpoints via various means, obtaining initial access via phishing or brute force guessing passwords and logging into the endpoint. Once in, threat actors often look to persist and extend their reach through credential theft, stealing passwords so that they can log in...
on Apr 8
Cyber Hygiene Threats Lurking at Your Perimeter: RDP, VPNs, and Remote Tools | Huntress
Poor credential hygiene and misconfigurations give hackers an easy way in. See real-world cyber hygiene failures, how attackers exploit them, and how Managed EDR stops them cold.
on Apr 4
Threat actors are enabling the built-in Windows Guest account to maintain persistence. Learn how they gain access and how to detect this activity.
on Apr 2
The Ultimate Validation: Making a Hacker’s “Do Not Engage” List | Huntress
When Celestial Stealer runs in the wild, it looks for Huntress’ own Jai Minton as a potential threat, and this shuts down the infostealer operation if his name is detected.
on Apr 2
Securing Endpoints from Common Vulnerabilities | Huntress
Learn how to lock down common endpoint vulnerabilities like weak passwords and unpatched software to secure your systems against threats like phishing and malware.
on Mar 29
6 Months of Researching OAuth Application Attacks | Huntress
There’s never just one termite. Huntress has spent the last 6 months researching and cracking down on malicious OAuth applications. Read about what we’ve found in this blog!
on Feb 14
Huntress’ 2025 Cyber Threat Report is here! Explore the year's biggest threats—RATs, phishing, ransomware—and how evolving tactics demand smarter defense.
on Feb 11
2025 Cyber Threat Report | Huntress
Stay ahead of cyber threats with the Huntress 2025 Cyber Threat Report. Uncover last year’s cyberattacks, get key industry insights, and develop strategies to outsmart the most malicious hackers.
on Feb 11
Join us for monthly hacking demonstrations, malware analysis, cybersecurity headlines and more. View previous episodes and register for future sessions.
on Feb 7
Device Code Phishing in Google Cloud and Azure | Huntress
All OAuth 2.0 implementations are equal. Some are just more equal than others. This blog covers device code phishing and compares OAuth implementations between Google and Azure. Does OAuth implementation impact the efficacy of hacker tradecraft? Find out here!
on Feb 7
Huntress discovered RedCurl activity across several organizations in Canada going back to 2023. Learn more about how this APT operates and how they aim to remain undetected while exfiltrating sensitive data.
on Jan 10
Exploring Package Tracking Smishing Scams | Huntress
Smishing (or SMS phishing) is far more frequent during the holidays. Learn to recognize the signs of a smish and how to avoid falling victim to one.
on Jan 2
2024: Revisiting a Year in Threats | Huntress
Take a look back at some of the biggest threats we observed and analyzed in 2024.
on Jan 1
Analyzing Initial Access Across Today's Business Environment | Huntress
Learn more about the initial access techniques observed by the Huntress SOC and Tactical Response teams! Gain valuable insights to help you protect your environment.
on Dec 19
https://www.huntress.com/blog/cleo-software-vulnerability-malware-analysis
Team Huntress has analyzed Cleo's software vulnerability. Take a look at the technical breakdown of a new family of malware we’ve named Malichus.
on Dec 12
Cleo Software Actively Being Exploited in the Wild | Huntress
Huntress identified an emerging threat involving Cleo’s LexiCom, VLTransfer, and Harmony software, commonly used to manage file transfers. Read more about this emerging threat on the Huntress Blog.
on Dec 10
It’s Not Safe To Pay SafePay | Huntress
Due to the sheer breadth of our customer base, Huntress analysts have opportunities to observe a wide range of activity, some of which includes deploying different ransomware variants, as well as unsuccessful attempts to do so. Huntress has observed Akira ransomware affiliates in action, as well...
on Dec 3
Know Thy Enemy: A Novel November Case | Huntress
In this blog, Huntress SOC investigators unravel the lateral movement and persistence of an interesting threat actor and their novel infrastructure.
on Nov 25
You Can Run, But You Can’t Hide: Defender Exclusions | Huntress
Understand Windows Defender AntiVirus exclusions and how adversaries might leverage this capability to bypass scans.
on Nov 21
Silencing the EDR Silencers | Huntress
Discover how adversaries are using tools like EDRSilencer to tamper with EDR communications and learn how you can fight back.
on Oct 29
Protect Yourself from Political Donation Scams | Huntress
Don’t let fraud disrupt your civic duty. Learn how to spot and avoid political donation scams that target voters through robocalls, fake websites, and deepfakes.
on Oct 24
5 Phishing Email Scams and How NOT To Fall For Them | Huntress
Explore the art of phishing, learn how to spot common phishing scams and red flags, and understand the importance of security awareness training.
on Oct 24
Inside Adversary-in-the-Middle Attacks | Huntress
Discover how Adversary-in-the-Middle attacks silently hijack your sessions, and learn how to spot and prevent AitM with tips from the experts at Huntress.
on Oct 18
Detecting Malicious Use of LOLBins, Pt. II | Huntress
Rhetoric within the cybersecurity community has leaned heavily towards threat actor use of LOLBins as a means of “hiding amongst the noise” of normal, administrative and operational activity. However, as Huntress SOC analysts can attest, this is often far from the case.
on Oct 17
Hunting for M365 Password Spraying | Huntress
Join Huntress Threat Hunters as they unpack the password-spraying techniques of threat actors, exposing how they target everything from small businesses to giants like Microsoft.
on Oct 7
ReadText34 Ransomware Incident | Huntress
Huntress analysts see a number of attacks on a daily and weekly basis, some of which include ransomware attacks. Now and again, Huntress analysts will observe a ransomware attack that stands out in some novel manner.
on Sep 20
Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software | Huntress
Threat actors have been successful in gaining entry using accounting software commonly used by construction companies.
on Sep 17
Detecting Malicious Use of LOLBins | Huntress
There are those within the cybersecurity community who’ve said for some time that the threat actor use of LOLBins makes them more difficult to detect, but that may not be the case. Moving from the use of LOLBins to how those native utilities are used by threat actors actually leads to some...
on Sep 11
Advanced Persistent Threat Targeting Vietnamese Human Rights Defenders | Huntress
Huntress identified an intrusion against a non-profit supporting Vietnamese human rights that’s likely spanned years. Jump in as we provide a thorough analysis of this malicious threat actor.
on Aug 28
Fake Browser Updates Lead to BOINC Volunteer Computing Software | Huntress
Huntress has observed new behaviors in conjunction with the malware SocGholish. Read on to understand the implications of this threat and how you can better protect yourself.
on Jul 19
Hackers Are Hiding in Plain Sight: Insights from Our 2024 Cyber Threat Report | Huntress
Cybercriminals are now blending into legitimate systems. Huntress’ 2024 Cyber Threat Report reveals the latest unsettling trends and tactics we observed, including the misuse of remote monitoring tools and cloud storage services.
on Jul 2
Series C Announcement | Huntress
Led by Sapphire Ventures, this fundraising round will fuel our expansion beyond the endpoint to secure SMBs' user identities and cloud applications.
on Jun 26
Smuggler’s Gambit: Uncovering HTML Smuggling Adversary in the Middle Tradecraft | Huntress
Blowing the lid off of interesting adversary-in-the-middle tradecraft observed in the Huntress partner identities.
on May 23
A Surge in Ransomware: Insights from Our 2024 Cyber Threat Report | Huntress
Explore the interesting changes in the world of ransomware and more key findings from Huntress' 2024 Cyber Threat Report.
on May 22
2024 Cyber Threat Report | Huntress
Dive into the latest tradecraft, tactics, and trends to stay a step ahead of adversaries targeting businesses like yours with Huntress' 2024 Cyber Threat Report.
on May 22
LOLBin to INC Ransomware | Huntress
Huntress has observed INC ransomware deployed in the past, but recent activity indicates a possible continued shift in, or improvement of, the tactics employed by these threat actors.
on May 1, 2024
https://www.huntress.com/blog/lightspy-malware-variant-targeting-macos
There's a new variant of LightSpy malware targeting macOS. Here, Huntress' macOS researchers dive into the macOS variant of the LightSpy malware, after gaps in recent reports stating that the LightSpy malware strictly targets iOS.
on Apr 25, 2024
Join us for monthly hacking demonstrations, malware analysis, cybersecurity headlines and more. View previous episodes and register for future sessions.
on Apr 12, 2024
Analyzing a Malicious Advanced IP Scanner Google Ad Redirection | Huntress Blog
Threat actors have been using malicious versions of Advanced IP Scanner to compromise their targets via malvertising campaigns. Let’s analyze one.
on Apr 1, 2024
MSSQL to ScreenConnect | Huntress Blog
Huntress continues to see MSSQL server systems being attacked, and in recent incidents has seen overlap with previous incidents, not only in the use of LOLBins but also in the IP addresses used by the threat actor.
on Mar 29, 2024