top of page
.png){kind=logo}
Modern Incident Response: Tackling Malicious ML Artifacts
Machine learning model files (e.g. .pkl, .pt, .onnx, .pb) can serve as stealthy malware carriers. When a serialized model is the root cause of a breach, incident responders face unique challenges in detection, analysis, and attribution.
Security Joes
May 1212 min read
937
Gaps in Traditional DFIR Playbooks: Machine Learning Models
Incidents involving malicious ML models reveal significant weaknesses in standard Digital Forensics and Incident Response (DFIR)...
Security Joes
May 410 min read
285
0
Crowdstrike Global Outage: Effective Solutions To Mitigate The Impact
Crowdstrike outage
Security Joes
Jul 19, 20242 min read
6,068
0
Security's Achilles' Heel: Vulnerable Drivers on the Prowl
A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver...
Security Joes
Jul 15, 202414 min read
3,257
0
Hide and Seek in Windows' Closet: Unmasking the WinSxS Hijacking Hideout
Our investigation has revealed an innovative approach that leverages executables commonly found in the trusted WinSxS folder and exploits...
Security Joes
Jan 1, 20248 min read
15,171
0
Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel
Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel
Security Joes
Nov 10, 20235 min read
2,795
0
BiBi-Linux: A New Wiper Dropped By Pro-Hamas Hacktivist Group
Security Joes Incident Response team volunteered to assist Israeli companies during the times of war between the state of Israel and the...
Security Joes
Oct 30, 20235 min read
14,952
0
New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services
Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023....
Security Joes
Sep 4, 202318 min read
10,017
0
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may...
Security Joes
Jun 27, 202314 min read
25,872
0
Microsoft Patch Tuesday: Two Actively Exploited 0-Days & 9 Critical CVEs
Microsoft's latest Patch Tuesday rollout for March 2023 has included a staggering 80 security patches, with nine vulnerabilities being...
Security Joes
Mar 15, 20234 min read
893
0
Threat Alert: Silicon Valley Bank Crash Triggers Cybersecurity Risks
On Friday, Silicon Valley Bank, a prominent lender to the technology industry, collapsed, causing panic among its customers and...
Security Joes
Mar 12, 20234 min read
442
0
Operation Ice Breaker Targets The Gam(bl)ing Industry Right Before It's Biggest Gathering
In September of last year, our Incident Response team was called to an incident that was identified as an attempt of social engineering...
Security Joes
Feb 1, 202313 min read
7,065
0
Raspberry Robin Detected ITW Targeting Insurance & Financial Institutes In Europe
Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. This...
Security Joes
Jan 2, 20238 min read
9,159
0
Open {Your} A{Eyes} - 2023 Predictions
Security Joes is a multi-layered incident response and MDR firm based out of Israel. It had been invited to investigate numerous...
Security Joes
Dec 11, 20224 min read
305
0
FBI, CISA say Cuba ransomware gang extorted $60M from victims this year
According to TechCrunch, "The Cuba ransomware gang extorted more than $60 million in ransom payments from victims between December 2021...
Security Joes
Dec 2, 20221 min read
84
0
Dissecting PlugX To Extract Its Crown Jewels
PlugX is a malware family first spotted in 2008. It is a Remote Access Trojan that has been used by several threat actors and provides...
Security Joes
Sep 14, 20221 min read
544
0
Another European nation hit by hackers, Montenegro grapples with ongoing ransomware attack
According to Cyberscoop, "Multiple Montenegrin government websites remained inaccessible Friday, a week after government officials there...
Security Joes
Sep 2, 20221 min read
74
0
Iranian Hackers Still Exploiting Log4j Bugs Against Israel
According to BleepingComputer, "Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian...
Security Joes
Aug 26, 20221 min read
69
0
Backdoor Via XFF - Mysterious Threat Actor Under Radar
Our incident response team caught a strange-looking Webshell activity on a server that was running an internal web application. It raised...
Security Joes
Jun 15, 20221 min read
210
0
Sockbot in Goland - Linking APT Actors With Ransomware Gangs
Our incident response team had responded to malicious activity in one of our clients' network infrastructure. A compromised Secure Access...
Security Joes
Mar 9, 20221 min read
140
0
bottom of page