Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest Videos

Hunting the XZ Backdoor (CVE-2024-3094) | Threat SnapShot

Welcome back to another episode of SnapAttack's Threat SnapShot! I’m AJ King, the Director of Threat Research here at SnapAttack. In today’s episode, I dive into detecting the XZ Backdoor, CVE-2024-3094, a sophisticated supply chain attack that could have had a massive impact on many Linux distributions.

Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot

Let's face it - if patch management was a silver bullet then we wouldn't need vulnerability management, and threat actors know this. Vulnerabilities get picked up by threat actors and exploited as 1-days. In this week's Threat SnapShot, we'll look at a few recent Windows vulnerabilities that have been added to the CISA Known Exploited Vulnerability catalog and are actively used by threat actors like Water Hydra and Raspberry Robin. The first, a SmartScreen bypass (CVE-2023-36025 and CVE-2024-21412), allows code execution through crafted short links.

ScreenConnect Compromise: Hackers Are Watching, Are You Ready? | Threat SnapShot

We know threat actors use RMM tools for command and control and to blend in with other legitimate activity in networks. But how about exploiting RMM tools for fun, profit, and remote code execution? In this week's Threat SnapShot, we'll look at two recent vulnerabilities in ConnectWise ScreenConnect (CVE-2024-1708 and CVE-2024-1709) an authentication bypass and directory traversal that can be combined together to achieve remote code execution.

Click with Caution: The Moniker Link Vulnerability (CVE-2024-21413) Exposed | Threat Snapshot

Did you catch the Moniker Link vulnerability from Microsoft's recent "Patch Tuesday"? It's not often that a 9.8 CVSS remote code execution flaw is identified in one of Microsoft's products. But does it live up to the hype? Tracked as CVE-2024-21413, this security flaw could lead to NTLM credential theft and potentially allow remote code execution through manipulated hyperlinks in Microsoft Outlook.

Untangling Scattered Spider's Web: Hunting for RMM Tools | Threat SnapShot

Remote Monitoring and Management (RMM) tools, traditionally utilized by IT departments to oversee and manage network infrastructure, software, and systems remotely, have increasingly become a double-edged sword in cybersecurity. The recent breach of AnyDesk, a popular RMM software, underscores the criticality of securing these tools against exploitation. Adversaries like Scattered Spider exploit these legitimate tools for malicious purposes, leveraging them to gain unauthorized access, maintain persistence, and conduct lateral movement within targeted networks.

Unzipped! The Hidden Dangers Behind .Zip Domains | Threat SnapShot

Phishing attacks got a little more interesting last year with the addition of.zip as a domain name. Attackers started using it in phishing campaigns, playing on a user's assumption that they were downloading the popular archive file. In this week's Threat SnapShot, we'll take a closer look at how attackers have used the.zip domain for phishing, as well as detection and hunting strategies you can use to keep your organization safe..