Security Joes is an AI-Powered Incident Response solution with experts specializing in DFIR, MDR & Red Teaming. The company was established by security researchers first and foremost to build its customers' resilience against highly complex cyberwarfare incidents, to automate threat intelligence to stay ahead of attackers, and to expose vulnerabilities and threats. Responders and researchers of Security Joes are strategically distributed over the world, to provide 24x7x365 “follow-the-sun” cov...| Security Joes
LazarOps: APT Tactics Targeting the Developers Supply Chain [PART 1]
In the never-ending cat-and-mouse game of cybersecurity, every advancement in defense inevitably drives attackers to evolve their tactics, exploiting new gaps and vulnerabilities. From the early days of signature-based antivirus solutions in the 1980s to today’s sophisticated behavioral and machine learning-driven detection tools, the landscape of cyber defense has become increasingly complex and robust. Yet, despite this progress, attackers continue to find creative ways to bypass even the...
Machine learning model files (e.g. .pkl, .pt, .onnx, .pb) can serve as stealthy malware carriers. When a serialized model is the root cause of a breach, incident responders face unique challenges in detection, analysis, and attribution.
Incidents involving malicious ML models reveal significant weaknesses in standard Digital Forensics and Incident Response (DFIR) procedures, which are traditionally focused on executable malware, scripts, or phishing-based vectors. When the “malware” is a machine learning artifact—such as a .pt or .pkl file—existing tools, training, and playbooks often fall short. Lack of Recognition of ML Artifacts as Threat Vectors: DFIR playbooks rarely consider ML model files as potential root cau...
Crowdstrike outage
A notable trend in cyber threats nowadays is the exploitation of vulnerabilities in drivers through the Bring Your Own Vulnerable Driver...
Our investigation has revealed an innovative approach that leverages executables commonly found in the trusted WinSxS folder and exploits...
Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023....
Our research team is committed to continuously identifying potential security vulnerabilities and techniques that threat actors may...
Microsoft's latest Patch Tuesday rollout for March 2023 has included a staggering 80 security patches, with nine vulnerabilities being...
On Friday, Silicon Valley Bank, a prominent lender to the technology industry, collapsed, causing panic among its customers and...
In September of last year, our Incident Response team was called to an incident that was identified as an attempt of social engineering...
Recent attacks documented in previous months seem to be orchestrated by hacking groups using a framework called Raspberry Robin. This...
Security Joes is a multi-layered incident response and MDR firm based out of Israel. It had been invited to investigate numerous...
According to TechCrunch, "The Cuba ransomware gang extorted more than $60 million in ransom payments from victims between December 2021...
PlugX is a malware family first spotted in 2008. It is a Remote Access Trojan that has been used by several threat actors and provides...
According to Cyberscoop, "Multiple Montenegrin government websites remained inaccessible Friday, a week after government officials there...
According to BleepingComputer, "Hackers continue to exploit the Log4j vulnerability in vulnerable applications, as shown by the Iranian...
Mission "Data Destruction": A Large-scale Data-Wiping Campaign Targeting Israel
Security Joes Incident Response team volunteered to assist Israeli companies during the times of war between the state of Israel and the terrorist organization Hamas. During the forensics investigation, we found what appears to be a new Linux Wiper malware we track as BiBi-Linux Wiper. This malware is an x64 ELF executable, lacking obfuscation or protective measures. It allows attackers to specify target folders and can potentially destroy an entire operating system if run with root permissions.