27 Jul 2023

HAWKEYE Breach Detection, Cyber Security, Managed SOC Services, Threat Intelligence Permalink

Alert Advisory: Analysis of the Microsoft Storm-0558 SaaS Breach

HAWKEYE July 27, 2023

The operators of Storm-0558 stole a Microsoft account (MSA) consumer signing key to forge tokens for Azure Active Directory (AD) enterprise and MSA users to access Exchange Online and OWA accounts, according to a report last week from Microsoft, which identified the threat actor as Storm-0558 as being based in China.

Read More

27 Jul 2023

HAWKEYE Cyber Security Permalink

Quishing Attacks on the Rise

HAWKEYE July 27, 2023

The phishing technique known as QR code phishing, sometimes known as quishing, employs QR codes to entice victims into exposing private information. Threat actors generate QR codes that appear to be genuine—for example, ones that claim to give a discount or special offer—but in reality take the victim to a fraudulent website under the attacker’s control.

Read More

22 Jul 2023

HAWKEYE Alert Advisory, Cyber Security, Security Operations Center, Vulnerability Assessment Permalink

Alert Advisory: Citrix ADC Gateway RCE – CVE-2023-3519

HAWKEYE July 22, 2023

In this blog post, we will explore the details of Citrix ADC vulnerability, its potential consequences, and the importance of responsible vulnerability management.

Read More

21 Jun 2023

HAWKEYE Cyber Security, Cyber Threat Intelligence, Malware Protection Permalink

Freeze – A Payload Toolkit for Bypassing EDRs using Suspended Processes

HAWKEYE June 21, 2023

Freeze is a potent tool that makes it possible to build payloads that stealthily run shellcode and get beyond EDR security measures. Freeze removes Userland EDR hooks via various methods, and shellcode is executed in a way that evades detection by other endpoint monitoring tools.

Read More

09 May 2023

HAWKEYE Cyber Security, Supply Chain Security Permalink

3CX Double Software Supply Chain Hack

HAWKEYE May 9, 2023

A significant supply chain breach in 3CX software on March 29 resulted in malware being spread internationally across numerous industries. It is comparable to other high-profile supply chain hacks like SolarWinds in that the criminals target a popular service or software given to several large organizations rather than a single organization.

Read More

02 May 2023

HAWKEYE Cyber Security, Malware Protection Permalink

Rogue NuGet Packages – The Rise of Supply Chain Risks

HAWKEYE May 2, 2023

NuGet is the package manager for .NET. It enables developers to create, share, and consume useful .NET libraries. NuGet client tools provide the ability to produce and consume these libraries as “packages”.

Read More

18 Apr 2023

HAWKEYE Cyber Security, Ransomware Protection Permalink

Ragnar Locker Ransomware

HAWKEYE April 18, 2023

Ragnar Locker Ransomware is a type of malware that encrypts a victim’s files and then demands a ransom to decrypt them. The ransomware initially appeared in May of 2019, and it has since been utilized in attacks against businesses all around the world.

Read More

12 Apr 2023

HAWKEYE Cyber Security, Managed SOC Services, Threat Hunting Permalink

Threat Hunting Unauthorized RDP Post-Exploitation

HAWKEYE April 12, 2023

Users of Microsoft Windows systems can access a remote desktop on systems remotely to administer one or more workstations and/or servers using the Remote Desktop Protocol (RDP).

Read More

10 Apr 2023

HAWKEYE Cyber Security, Managed SOC Services Permalink

How SBOM Plays a Key Role in CSOC

HAWKEYE April 10, 2023

In general, 75% of codebases use open-source software, according to the 2021 Open Source Security and Risk Study report. Costs associated with development, acquisition, and maintenance as well as cybersecurity risk are dramatically increased by the absence of systemic visibility into the structure and functionality of these software solutions.

Read More

07 Apr 2023

HAWKEYE Cyber Security, Managed SOC Services, Vulnerability Assessment Permalink

Rise in ICS Vulnerabilities

HAWKEYE April 7, 2023

Due to concerns about interoperability, high uptime requirements, and occasionally the age of devices, patching vulnerabilities in industrial contexts has always been difficult.

Read More

31 Mar 2023

HAWKEYE Alert Advisory, Cyber Security, Managed SOC Services Permalink

CVE-2023-23397 – Critical Outlook Vulnerability

HAWKEYE March 31, 2023

On March 14th, 2023, Microsoft released patches for approximately 80 newly found security vulnerabilities. There were two zero-day attacks among these vulnerabilities, CVE-2023-23397 and CVE-2023-24880.

Read More

27 Mar 2023

HAWKEYE Cyber Security, Cyber Threat Management, Managed SOC Services Permalink

Managed 24×7 Cyber Threat Detection and Response in OT/ICS

HAWKEYE March 27, 2023

Industrial Control Systems (ICS) and Operational Technology (OT) play a critical role in the functioning of essential industries such as energy, transportation, manufacturing, and utilities.

Read More

21 Mar 2023

HAWKEYE Alert Advisory, Malware Protection, Managed SOC Services Permalink

Emotet Epoch 5

HAWKEYE March 21, 2023

The notorious Emotet malware has returned with a new tactic to evade macro-based security restrictions and infect systems. This time, it’s using Microsoft OneNote email attachments, as well as its previous modus operandi of distributing booby-trapped documents containing macros.

Read More

10 Mar 2023

HAWKEYE Alert Advisory, Malware Protection, Managed Security Services Permalink

The Emotet Botnet Epoch4: A Highly Sophisticated and Dangerous Malware Campaign

HAWKEYE March 10, 2023

Emotet is one of the most sophisticated and dangerous malware families currently in existence. It is a modular banking Trojan that can steal sensitive information and infect other machines on a network.

Read More

28 Feb 2023

HAWKEYE Cyber Security, Threat Hunting Permalink

Digital Risk Management – Threat Hunting for Secrets, Keys and Leaked Source Code on Github

HAWKEYE February 28, 2023

DRM stands for the procedure of locating, evaluating, and minimizing hazards to a company’s digital assets.

Read More

11 Feb 2023

HAWKEYE Alert Advisory, Cyber Security, Vulnerability Assessment Permalink

ManageEngine RCE Vulnerability (CVE-2022-47966)

HAWKEYE February 11, 2023

A remote code execution vulnerability (CVE-2022-47966) impacting a number of Zoho ManageEngine on-premise products with SAML SSO enabled has been actively exploited, according to Rapid7.

Read More

10 Feb 2023

HAWKEYE Alert Advisory, Cyber Security, Vulnerability Assessment Permalink

OWASSRF Exploit – Targeting Arbitrary Code Execution on Microsoft Exchange OWA

HAWKEYE February 10, 2023

Two zero-day vulnerabilities in Microsoft Exchange were reportedly being actively exploited on September 29, 2022, with the potential to lead to remote code execution (RCE).

Read More

30 Jan 2023

HAWKEYE Cyber Security, Managed SOC Services Permalink

Detecting Rogue Devices on Enterprise Network

HAWKEYE January 30, 2023

Organizations rely on wired networks in today’s hyperconnected environment to link devices and facilitate internal communication. However, it has become more challenging to maintain visibility and control over all devices connected to the workplace wired network due to the expansion of the Internet of Things (IoT) devices and Bring Your Own Device (BYOD) rules.

Read More

27 Jan 2023

HAWKEYE Cyber Security, Incident Response, Managed SOC Services, Ransomware Protection Permalink

Protecting VMWare ESXi Hypervisors from Ransomware

HAWKEYE January 27, 2023

One of the top platforms in the virtualization sector is VMware. Organizations can more effectively use the computing power of their systems with the aid of virtualization software. VMware ESXi setups may be set up and managed in a fairly easy and uncomplicated manner.
Read More

26 Jan 2023

HAWKEYE Cyber Security, Managed SOC Services Permalink

Wi-Fi Security – Monitoring Hacking Attempts

HAWKEYE January 26, 2023

Wired Ethernet is no longer the best option for many enterprises. The preferred network access technology for users and endpoints is now IEEE 802.11 Wi-Fi. Compared to conventional LANs, wireless LANs have many benefits. They can lower ownership costs and are dependable and adaptable.
Read More