Vendor
Expanding Detection Beyond Endpoints to Counter Evolving Threats
3 rules 6 TTPsThreat actors are rapidly exfiltrating data by exploiting blind spots created by an over-reliance on endpoint data, necessitating a comprehensive security approach that incorporates cloud, identity, and network telemetry for effective threat detection and response.
Hickory DNS Recursor Cache Poisoning via Sibling Zone Delegation
2 rulesThe experimental `hickory-recursor` crate in Hickory DNS is vulnerable to cross-zone cache poisoning due to storing DNS records keyed by record name/type instead of query, enabling an attacker to redirect queries for a victim zone to an attacker-controlled nameserver.
Persistence via Windows Installer (Msiexec)
3 rules 3 TTPsAdversaries may establish persistence by abusing the Windows Installer (msiexec.exe) to create scheduled tasks or modify registry run keys, allowing for malicious code execution upon system startup or user logon.