Massive Exploitation Campaign Targets Over 4,000 ISP Networks: Brute-Force Attacks, Cryptominers, and Data Theft

A recent cybersecurity investigation by the Splunk Threat Research Team has uncovered a significant exploitation campaign targeting over 4,000 IP addresses associated with Internet Service Providers (ISPs) on the West Coast of the United States and in China. This campaign involves the deployment of information-stealing malware and cryptocurrency miners on compromised systems.

Attack Methodology

The threat actors initiated their attacks by conducting brute-force attempts to exploit weak credentials, primarily originating from IP addresses linked to Eastern Europe. Upon gaining initial access, they employed PowerShell scripts to deliver various executables designed for network scanning, data theft, and cryptocurrency mining using XMRig. Notably, before executing these payloads, the attackers disabled security features and terminated services that could detect cryptominers, aiming to evade detection.

Capabilities of the Malware

The deployed stealer malware possesses functionalities beyond standard data theft. It can capture screenshots and operates similarly to clipper malware by monitoring clipboard content for…


ICMP Timestamp Responses: Disabling Them For Better Security

In the realm of cybersecurity, it's not just about keeping an eye on incoming traffic; we must also ensure that our network infrastructure is secure from potential threats. One such overlooked feature is the Internet Control Message Protocol (ICMP) timestamp response, which can be a significant source of vulnerabilities if left enabled.

What are ICMP Timestamp Responses?

The ICMP protocol is used to send error messages or informational messages between network devices. When you enable ICMP timestamp responses in your router settings, it means that your router will periodically generate timestamps for outgoing ICMP echo requests. While this might seem like a useful feature, it actually poses several dangers:

Potential Timing Attack Vulnerabilities: Timestamps can be used as part of timing attacks. Attackers can use these to determine the time difference between their network and your network, which could then be exploited in other ways such as launching…


Security Bulletin: End of Support for Microsoft Exchange Server 2016 and 2019

Release Date: February 20, 2025
Bulletin ID: Exchange 2016 and 2019 End of Support
Severity: Advisory
Impact: Security Risks, Lack of Support

Summary

Microsoft has announced the End of Support (EOS) for Exchange Server 2016 on October 14, 2025. Exchange Server 2019 remains the last on-premises version of Exchange, but customers should be aware of lifecycle policies and support timelines to ensure security and compliance. After the EOS date, Exchange Server 2016 will no longer receive security updates, bug fixes, or technical support, which could leave organizations vulnerable to security threats and compliance issues. Organizations should take proactive steps to plan their migration strategy to ensure continued security and support.

Next Steps for Customers

Migrate to Exchange Online (Recommended)

Microsoft recommends migrating to Exchange Online as part of Microsoft 365. This ensures:
- Automatic updates and security patches
- Lower maintenance overhead
- Cloud-based collaboration and enhanced security features

Upgrade to Exchange Server Subscription Edition (If Remaining On-Premises)

Exchange Server 2019 is…


Critical Path Security’s Patrick Kelley to Speak at 2025 Co-op Cyber Tech on Mental Health in Cybersecurity

We're excited to share some big news! Our very own Patrick Kelley has been selected to speak at the 2025 Co-op Cyber Tech conference, taking place June 24-26 in Denver, Colorado, at the Hyatt Regency Denver at Colorado Convention Center. This conference brings together cybersecurity professionals from around the globe to exchange ideas, insights, and best practices, so it's truly an honor for Patrick to be a part of it.

Patrick's session, "Mental Health in Cybersecurity: Leveraging the Maslach Burnout Inventory (MBI)," will address one of the most pressing challenges facing the industry today: the toll that high-stakes cybersecurity work can take on mental well-being. He'll explore how the MBI, a globally recognized tool for measuring occupational burnout, can help cybersecurity teams identify and address stressors before they escalate. By examining the unique pressures cybersecurity professionals face (intense workloads, rapidly evolving threat landscapes, and round-the-clock incident response), Patrick will demonstrate evidence-based strategies to…
