eSentire

As your business scales, so do the threats you're facing. Your team needs a partner that can detect threats in seconds and contain them in minutes. At eSentire, our sole mission is to protect your critical data, technology, and people from cyber threats. We combine: ✅ Total Attack Surface Visibility ✅ XDR Cloud Platform Technology ✅ Proprietary Machine Learning Models ✅ 24/7 Threat Hunting The result? eSentire MDR delivers complete Response to stop threats before they become business-disrupting events. Combat-ready and battle-tested, Team eSentire stands guard so you don't have to. An attack on you is an attack on us. Full stop. Get started now: https://bit.ly/3HAc6c8

Introducing 🥁 Gh0stGambit: a dropper for deploying Gh0st RAT 👻 🔍 The eSentire Threat Response Unit (TRU) has identified alarming activities linked to the Gh0st RAT malware: - Utilization of malicious installer packages posing as Chrome browser downloads. - Infection through drive-by downloads, targeting primarily Chinese-speaking users. - Advanced evasion techniques observed, including misuse of registry and system files. The evolving nature of Gh0st RAT showcases the versatility and persistence of this threat. Drive-by downloads remain a highly effective attack vector, calling for heightened user awareness. ⚠️ Be aware: Open-source tools, while beneficial, can be weaponized to enhance the capabilities of malware. 📝 TRU Recommendations: - Implement robust Phishing and Security Awareness Training (PSAT) for all employees. - Provide a secure portal for downloading approved software to prevent unauthorized installations. - Adopt a minimum privilege strategy on all endpoints to limit exposure to threats. 🔗 Dive deeper into the findings and detailed defense strategies in the full TRU Positive: https://bit.ly/3ZVrP2h #Cybersecurity #MalwareDetection #TRUInsights #Gh0stRAT #Gh0stGambit

After a summertime breach involving over a terabyte of data, Disney is planning to shift away from Slack and switching to Microsoft Teams by the end of Q1 of FY2025. 🛡️ Paul A., our Team Lead of Threat Intelligence, gives some valuable perspective on threat actors’ claims: “It's much more probable that this threat actor bought info stealer logs off the dark web market and then they were able to use those logs for access into Disney.” The incident highlights a crucial conversation around third-party platforms and the shared responsibility for data security. 🤔 As Paul further points out, post-breach decisions aren't one-size-fits-all: “Some organizations are going to switch while others are going to stay the course. The right solution needs to be evaluated and based on individual use cases and requirements. So, rapid changing between products, probably not a wise decision, but that continued evaluation and switching based on your requirements is very legitimate.” 🔍 Key takeaway: Whether you use Slack, Teams, or any other platform, it’s not just about which tool you pick—it's how you secure it and the policies you put in place to protect sensitive data. The right solution needs to fit your organization's unique security requirements. Read the full article: https://bit.ly/3NeKFtw #Cybersecurity #DataBreach #Infosec #MDR #ThreatIntelligence #EnterpriseSecurity

💡 Resilience isn’t just about bouncing back; it’s about evolving. As a security leader, resilience empowers you to measure progress, compare results, and showcase how your strategies help the business evolve. By aligning your security efforts with business objectives, resilience becomes a key driver of growth, not just a safeguard. #CyberResilience #Leadership #CyberSecurity

Every month, Threat Response Unit (TRU) hosts a live webinar to share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape. Join us on September 10, 2024 for our monthly TRU Intelligence Briefing as they review: 🦉 Threat Landscape: A review of malware recently observed by eSentire’s Threat Intelligence team over the past month including InvisibleFerret, CleanUpLoader and StealC, as well as notable vulnerabilities impacting Ivanti (CVE-2024-7593, CVE-2024-8963, CVE-2024-8190), SonicWall (CVE-2024-40766), and Veeam (CVE-2024-40711). 🦉 A brief update on cyber activity relating to ongoing North Korean APT activity. 🦉 Abuse of Remote Monitoring and Management (RMM) by State-Sponsored and Cybercriminal Groups: A discussion of the most common RMM applications/methods abused by these groups and associated recommendations on how to lock down approved tools and detect/block the rest. 🦉 Tactical Threat Response – RMM Tools: Recommendations for how defenders can detect and prevent RMM abuse. Register here: https://lnkd.in/gcawxa_X #threatintelligence #threatbriefing

AI can process billions of data points in seconds. But when it comes to detecting complex threats, it’s no match for human intuition. 🤖 🔍 Dr. Jeff Schwartzentruber, Senior Machine Learning Scientist at eSentire, explains why. 💡 AI is powerful for automating tasks and spotting anomalies. But only cybersecurity experts can interpret the context and intent behind these patterns. Why does this matter? Because sophisticated attacks are more than just data—they’re about behavior, motive, and nuance. Cyber experts bring strategic insights that AI can’t replicate. 🧠 The best defense? A blend of AI’s speed and human expertise. Read Jeff's full insights here:

eSentire TRU has uncovered Go Injector malware attempting to execute the Lumma Stealer. This malware targets cryptocurrency wallets and other sensitive data. Initial attack vectors included a deceptive captcha page directing users to download malicious payloads. 🧑💻 📚 Insights from the latest TRU Positive: - Fake captcha pages are sophisticated social engineering tactics used to trick users. - Attack chains are designed to obscure the true origin of the malware, making detection more challenging. - Regular monitoring for unusual system or network activity is recommended. 👉 Read more in the full TRU Positive: https://bit.ly/3BfT2SN

Today marks the first day of October, and the start of Cybersecurity Awareness Month (CSAM)! For security leaders, #CybersecurityAwarenessMonth goes far beyond basic cyber hygiene. 💁 Protecting your organization requires layered, adaptive defenses that can help you fight the most sophisticated threats. As part of Cybersecurity Awareness Month, let's commit to the strategies and technologies driving real-world impact in cybersecurity, such as: 🛡️ Multi-layered defense strategies 👽 Zero Trust models to limit potential attack vectors ⚡ Advanced detection and response solutions that catch threats in real-time 🧑 Human-centric security approaches that address insider risks and reduce alert fatigue This isn’t just about best practices — it’s about building real, actionable resilience 💪 Let’s take the necessary steps to secure what matters most. #SecureOurWorld #CSAM #cybersecurityawareness

We're so excited to co-host this webcast with ACA Group! Join our very own John Moretti tomorrow alongside Isaac Niedrauer as they discuss the economic importance of protecting digital assets from cyber risks, assessing organizational readiness to counter threats, identifying the top vulnerabilities you should be aware of, and the key initiatives that will help you continually build and enhance resilience. In this webinar, you’ll learn: ➡ What cyber resilience is, how it helps you stay ahead of emerging threats, and why it’s a critical component of a strong cybersecurity program ➡ Top vulnerabilities and key initiatives to help you build and improve your organization’s preparedness against cyber threats. ➡ Lessons learned from recent breaches and provide strategies to help your organization stay ahead of potential cyber threats and minimize your cyber risk. Register now: https://lnkd.in/gfV_pGmK

What if cyber resilience is the strategy your business can’t afford to overlook? 🤔 In this episode of the CSO Perspectives podcast, Tia (Yatia) Hopkins, our Chief Cyber Resilience Officer, dives into the "why" behind building a solid business case for cyber resilience with Roselle Safran, CEO of KeyCaliber 💡 They discuss how resilience isn't just about bouncing back—it's about staying strong, minimizing risks, and keeping business moving. 🚀 Tune in to hear how you can shift your strategy from defense to true resilience. 🎙️ Listen now: https://apple.co/3XIg38n #CyberResilience #Cybersecurity