Blog

1MC Labs at ThreatHunter.ai Uncovers Potential Resurgence of Dormant Nation-State Infrastructure Through Advanced Retro Hunting Techniques

Author: James McMurry, Brea, CA :: 1MC Labs, the Threat Intelligence division of ThreatHunter.ai, has identified the possible resurgence of over 650 IPs and domains tied to a well-known nation-state threat actor infrastructure that was heavily active from 2016 to 2021. This infrastructure, which had been dormant for years, has recently reactivated, with 40% of…

LockBit Breach Exposes Chinks in Armor: Eastern Shipbuilding’s Crisis Threatens Coast Guard Capability and National Security

In an unfolding crisis that strikes at the heart of America’s maritime defense capabilities, Eastern Shipbuilding Group, Inc., a cornerstone in the construction of the United States Coast Guard’s (USCG) Offshore Patrol Cutter (OPC) fleet, faces a dire situation that could have far-reaching implications for national security. This comes in the wake of a cybersecurity…

LockBit: Serving Up Cyber Trouble with Waffle House’s Resilience

Author: David Maynor. James McMurry’s post the other day got me thinking about waffles. Who doesn’t like waffles, right? Especially from Waffle House. The resilience and adaptability inherent in both the evolution of the LockBit ransomware group and the operational steadfastness of Waffle House, though under vastly different circumstances, highlight key principles in navigating…

Free Data Retention: Why It’s the Right Thing to Do

Your Data, Your Rules: Data isn’t just numbers and bytes; it’s the DNA of your cybersecurity. That’s why we’re flipping the script and offering free data retention in cold storage for all our contracted Threat Hunting clients. Trust Isn’t Bought, It’s Earned: You’ve trusted us to safeguard your digital treasure trove. Now we’re returning the…

Labor Day Weekend And Standing Guard in the Digital Realm

As the Labor Day weekend rolls in, and families across the nation take a well-deserved break, I find myself reflecting on the ever-evolving challenge that is cybersecurity. In a world where digital interactions define our daily lives, the importance of robust cyber defenses cannot be overstated. It brings to mind a quote by Winston Churchill:…

Unleashing the Hunters: A Story of Battling Advanced Cyber Threats

As the Director of Security and Threat Operations at ThreatHunter.ai, I’ve seen my fair share of battles in the war against bad hackers, APTs, and ransomware. And every time, my team and I are ready to fight. Recently, we faced a new threat – a ransomware attack that was quickly spreading to other companies in…

Back to the Basics

As someone who has spent over 25 years in the IT and information security field, I have seen a lot of changes and trends come and go. But one thing that has remained consistent throughout the years is the importance of doing the basics when it comes to improving security. While it may not be…

The Whiskey Hacker’s Passion for Winning the Cybersecurity Chess Match: A First-Person Account from James McMurry, CEO of ThreatHunter.ai

As the CEO and Founder of ThreatHunter.ai, and known in some circles as the Whiskey Hacker, I’ve dedicated my life to creating an innovative cybersecurity solution that tackles common challenges like alert fatigue, improper system tuning, outdated threat intelligence, and lack of continuous real-time event correlation. But above all, my passion and motivation stem from…

The Benefits of Threat Hunting in Mitigating Cyber Threats

In today’s world, businesses face an ever-increasing number of cyber threats, ranging from ransomware attacks to zero-day vulnerabilities. With the rise of threat actors and their advanced tactics, businesses need to be proactive in their approach to cybersecurity. That’s where threat hunting comes in. In this blog post, we’ll explore the benefits of threat hunting…

Introducing ThreatHunter.ai’s FIVE EYES: The Ultimate Cybersecurity Solution

Cybersecurity is more complex than ever, with threats evolving and becoming more sophisticated every day. That’s why ThreatHunter.ai is proud to announce the launch of its comprehensive FIVE EYES cybersecurity solution, designed to provide complete coverage and protection against all manner of threats. FIVE EYES represents the culmination of ThreatHunter.ai’s decades of experience in the…

Happy Patch Tuesday – March 2023 edition

Happy Tuesday! Rev up those patching engines, WSUS and SCCM! Microsoft has just released updates for a whopping 109 vulnerabilities. Out of those, 9 are critical, and you need to pay attention to two of them right away. The first one is the Windows SmartScreen Security Feature Bypass Vulnerability, which you can find at…

A Reflection on Milton/Threathunter.ai – Thoughts from our CEO

I want to share something I sent internally today to everyone at Milton/ThreatHunter.ai. I think we all forget to be proud of our accomplishments, in every part of our life. I am so proud of what everyone at ThreatHunter.ai has done, and I want them to be proud of it; they have built something from…

Fortinet has released security advisory FG-IR-22-398

Fortinet has released security advisory FG-IR-22-398, warning that the heap-based buffer overflow vulnerability in its FortiOS SSL-VPN has been actively exploited in attacks. The company recommends that all users update to the following versions to fix the bug: FortiOS 6.4.3 to 6.4.3.14, 6.2.6 to 6.2.6.6, and 5.6.12 to 5.6.12.5. Additionally, Fortinet has provided indicators of…

Threat Hunting: The Necessity of Proactive Cybersecurity

December 6, 2022. In today’s digital world, businesses of all sizes are under constant threat from cyber attacks. From fishing, phishing, and vishing to ransomware and malware, attackers are using increasingly sophisticated tactics to breach networks, steal sensitive data, and hold data for ransom. To defend against these threats, businesses must adopt a hyper-proactive approach to cybersecurity. This…

Friday Tip: One way to track down elusive account lockouts

Here’s a Friday tech tip before you head out for the weekend. You know how your users (and sometimes even you) get locked out of their accounts and don’t know where exactly they logged in? Going to the AD Event Viewer is not always very helpful either. You see the account name and the error message,…

Top 5 Cybersecurity Readiness Tips Before You Go On Vacation

You’re sitting on the beautiful Palm Beach in Aruba, the waves gently lapping onto the shore. The sun is shining and your skin is soaking up every last ray while you’re sipping on your White Whiskey Punch. Suddenly there is a knock at the door and you are snapped back to reality. You find yourself…

What You Need to Know About CVE-2022-26809

On Microsoft’s Patch Tuesday for April 12, 2022, Microsoft issued a slew of patches, including one for a Remote Procedure Call (RPC) Runtime Remote Code Execution (RCE) Vulnerability listed as CVE-2022-26809. This CVE holds a CVSS score of 9.8 and is rated Critical. About CVE-2022-26809: The Remote Procedure Call Runtime Remote Code…

The Domain Generation Algorithm Dilemma

A Domain Generation Algorithm (DGA) is pretty much exactly what it sounds like. It is a technique attackers use to automate the generation of dynamic domain names and IPs that can point back to their Command & Control servers in an effort to avoid detection. Summer is coming, so this metaphor is apropos – think…

Mean Time To Detect: What does that mean to me?

In our last blog post I provided 4 reasons why you need MDR, right now! To recap, those reasons are: Mean Time To Detect; Mean Time To Alert / Notify; Mean Time To Respond; and Mean Time To Mitigate / Stop. Today we’re going to discuss the first crucial idea for analyzing your security posture and protecting…

4 Reasons Why You Need MDR, Right Now!

With Russia and Ukraine plastered all over every media outlet recently, I was taking some time to reflect on what this meant for organizations. There is a lot of Fear, Uncertainty, and Doubt (FUD as we like to call it) running rampant through the minds of leaders who are desperately trying to keep their organizations…

CISA Cybersecurity Measures for Russian APTs

With the war drums beating louder and louder every day and Russia moving troops and equipment around Ukraine, a broader disinformation campaign and cyber attacks against Ukraine started weeks ago. These attacks have gradually picked up pace, including the defacement of Ukrainian government websites last week. In response to the increasing tensions and signs pointing…

New Year, Still the Same Issues

2021 was truly an eventful year for cybersecurity, from start to finish. We saw all the same issues we saw in 2020 and before: ransomware, supply chain attacks, DDoS, defacements, just to name a few. Through it all, we at Milton, along with many others in the Cybersecurity / Infosec industry, keep repeating the same…

October is Cybersecurity Awareness Month

If you’re looking for important days or events in October, you’ll probably stumble across a bunch of sites listing out individual days that are loosely observed both nationally and internationally. For example, October 1st, among other things, is recognized as International Coffee Day and October 10th is World Mental Health Day – both great days…

Why Choose Milton?

This is the final installment of our 12 weeks of Q&A, but don’t let that deter you from ever asking more questions. I’m always available to answer any questions that you might have, whether general or technical, so don’t be bashful and hit reply to this email and let me know what’s on your mind.…

Fear, Uncertainty, and Doubt – Oh My!

Welcome back! There’s been a lot going on in the cybersecurity / Infosec world over the last couple of months. Every day on the news we hear about new ransomware targets, 0-day exploits in the wild (like the PrintNightmare and Kaseya exploits) and other malicious activity from nation-states and groups that are taking advantage of…

PrintNightmare: 0-Day Exploit for Windows Domain Server Print Spooler

UPDATED 7/2/21: We’ve included additional guidance for mitigating this exploit as well as a method for detection. For your security, please take this notice seriously. A new 0-day exploit, dubbed PrintNightmare, has been discovered in the wild that is allowing attackers to gain access to Windows Domain Controllers (DC) and execute remote code. Yes, authentication…

Milton Security – The Origin Story

It’s been a couple of weeks since we posted a Q&A. We were busy celebrating our 14th anniversary as an organization, and while that’s not one of the “big” birthdays, we wanted to take the time to reflect on where we started and how far we’ve come so far. In all of the celebration, we wanted to…

Take a tour of the Milton SOC

Hello again! This week’s email might feel a little different than previous weeks. Today, I’m going to take you on a tour of our Security Operations Center (SOC). Before you ask, yes, it’s still completely locked down and secure at all times due to the very sensitive nature of our work and, of course, DFAR…

Threat Hunting: IoC, IoT and ML

Before our brief detour last week to walk through the Colonial Pipeline breach and the craziness that stemmed from the shutdown of their IT, OT, and IC systems, we were talking about threat intelligence, and more specifically, Attack Vectors. Remember that malicious actors use attack vectors to exploit your people, processes, and technology. We also…

A recap on the Colonial Pipeline ransomware attack

While it’s easy to slip into a mode of fear, uncertainty, and doubt (just take a look at the gas stations on the East Coast), my intent is to provide some knowledge and education around the global threat that is ransomware. So what exactly happened with Colonial Pipeline? On May 7th, Colonial Pipeline Co., which…

What are attack vectors? How are they used?

Hello again! Last week we did a deep dive into data collection and how that data travels through the MACeBox and winds up at MACeHome. Now that it’s here, we need to begin building out our threat intelligence so that we can identify threats and respond accordingly. There are a few different ways that we…

How we collect data [Part 2]

In a previous Milton Q&A we talked about how we collect data and introduced you to the MACeBox, our Milton Argos Collection Engine system. The MACe really is the heart of the collection process. We also gave many examples of log types we collect, but we left it all at a very high level. Today,…

Announcing the Launch of Milton’s Expert Services

Many of you have asked me over the years if I could do more to help your security program, which is a really humbling experience – to be trusted well enough by you that you want more help and support. And it’s something that I’ve been thinking about because the Milton Security team and I…

How do we collect data?

One of the first questions we were asked this week was, “How do you collect data needed to properly hunt?” As you know, data is crucial for you and your team to be able to make informed business decisions. The Milton Security team is no different. We collect data from a plethora of sources to…

How does incident response work?

April 22, 2021. Welcome to week 5 of our Milton Q&A! This week we are answering the question: “How does incident response work?” Here at Milton Security we are able to support you through all phases of security incident response, from preparation to detection & analysis and on through containment, eradication and recovery. In fact,…

Do you work with [insert preferred tool here]?

Welcome to week 4 of our Q&A! Today we are going to discuss a question we get often. This one stems from an industry that has trained everyone to consider limited scopes. The question is: “Do you work with ?” For many providers, your question is met with a “No, But….” or a list of “integrations”…

Sharing is Not Caring

The last couple of days we have seen an immense amount of information sharing in a very short period of time. Quite personal information that has been shared in a permanent and public fashion. Information that endangers multi-billion corporations, government agencies and personal fortunes. With this information in hand, malicious actors have an opportunity to…

What’s the difference between MSSP and MDR?

Welcome to the third installment of Milton Q&A, where you ask the cybersecurity questions that are on your mind and I answer them. This week we are looking at the difference between MSSPs and MDR. Buckle up for this one; there are a lot of acronyms and terms to cover. MSSPs (Managed Security Service Providers) provide two…

What do we do with the data?

Hi again! In the first of our 12-part Q&A series last week, we answered the question “How do we collect data?” Today, we’re going to talk about what we do with that data once it arrives back at HQ. After the journey back to MACeHome, the collected data is passed through our AI/ML models (The…

CHINA Caught Red Handed

Today in Spokane, Washington, Federal Court, the US Government unsealed indictments against two Chinese citizens for numerous charges related to hacking, gaining illegal access to systems, wire fraud, identity theft, and theft of trade secrets. This ongoing attack against the US and European Union started way back in 2009. Yes, you read that right, 11 years…

It’s Our Birthday

This month marks another birthday for Milton Security. While we’ve come across many black cats and can’t count the number of times we’ve debated walking under or around the ladder, this is one we couldn’t avoid. We’re turning 13. As you are probably keenly aware, we do love a challenge. Back when I came home and…

History Recorded, Logs and All The Things

History, as we know it, is recorded somewhere, by someone or something. We learn from these historical documents. They are entered as evidence in legal proceedings. We use these documents and pictures as a means of learning and education, to ensure we do not repeat past failures, to find the flaws and to correct as…

Spectre and Meltdown : Burning Down The House

Of course, when Jim was writing his last blog post, the embargo was ending on two major vulnerabilities affecting a range of CPUs (aka Spectre & Meltdown). With Spectre & Meltdown, we are looking at a vulnerability that is worse than Heartbleed and the Bash bug put together. At its core, it appears this attack…

Happy New Year, Same as the Old Year

First, this is not one of those far-reaching blog posts full of marketing speak, fear, uncertainty or doubt to get you to buy blinky lights. My personal goals for 2018 include writing, sharing, and helping others more often. This past weekend, I started thinking about how I would accomplish this in 2018, when a…

Security is not a project

An average organization has more than 50 technologies deployed that assist in keeping its most valued assets protected against a variety of attacks and adversaries but not enough experts to manage them. Moreover, how do organizations align their compliance efforts, defensive controls, and other security efforts with the business’ goals? Over more than 15 years…

CVE-2017-0213: Windows COM Privilege Escalation Vulnerability

A vulnerability was found in January by James Forshaw of Google Project Zero: a bug in the Windows COM Aggregate Marshaler that an attacker can use to elevate privileges. Project Zero gave Microsoft 90 days to patch, which it did with last month’s security updates. To exploit the vulnerability, an attacker could run a specially crafted application…

Biker Gang uses hacking skills

It is 2017, and gaining unauthorized access to systems is getting easier and easier. It seems a biker gang gained access to a key database for Jeep vehicles. Using this database they were able to look up VINs for 150 Jeep Wranglers in San Diego County, duplicate their keys, and make off with the vehicles, which…

EternalRed – CVE-2017-7494

Much like the EternalBlue exploit that was released in April 2017 after being stolen from the NSA, Samba was discovered to have a remote code execution vulnerability as well. Dubbed ‘EternalRed’ by industry types, this vulnerability dates back as far as 2010. So even if you chose the red pill thinking Linux was a safer alternative, for 7 years…

Analysis of CVE-2017-0199, MS Word Threats are back

In early April, an advisory was released for CVE-2017-0199; the vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. Patches that were released included mitigation for Office 2007/2010/2013/2016 and WordPad for Windows versions Vista/7/8/2008/2012. It is related to Windows Object Linking and Embedding (OLE), and it can be exploited through a Microsoft Word…

MS17-010 EternalBlue

A few weeks ago ShadowBrokers released a dump of NSA/EquationGroup tools used to exploit various machines, which they had previously tried to auction off unsuccessfully. One of the exploits was for a Windows SMB RCE which allowed an unauthenticated attacker to gain System-level privileges on target machines remotely by sending a specially crafted packet to a targeted SMB server.…

Cyber Security is a team sport, Stack Your Team!

Security is a big field that continues to grow year after year. Companies around the world keep innovating and creating products that are prime targets for hacking. When you take a hard look at how to protect yourself, you begin to feel like this is just a big game of chess: moves and countermoves. Luckily though,…

Known vs Unknown

Lately my focus has been on looking at traffic. Whether it’s the traffic visiting the AsTech website, traffic at a client site that seems to indicate they are under attack, or traffic on a LAN segment, traffic is flowing all the time. So, I started to wonder, what is all this traffic? In my pursuits to pull…

Not all development tasks bring on Rock Star feelings

There are many tasks for a development team to take on in the cyber security world; some are small and extremely complex, while others are simpler but far larger in scope. One item in this latter group is a process of what I like to call augmentation, or third-party support, and it can be…

Finding a Partner in Security

I read articles almost daily about the skills gap and lack of qualified personnel within the Information Security profession. Just recently, Forbes ran an article that stated by 2019 there will be a shortage of 2 million cyber security jobs. Entrepreneur ran an article entitled “Why you Should Consider Outsourcing Computer Security.” In that article…

Sometimes you gotta change the game

I had a couple of weeks of transition and I was talking with my friend Jim McMurry and he was telling me he could hardly believe he started his company, Milton Security, 10 years ago. Wow! 10 years I thought, from an idea and a desire to a company that has had ups and downs…

German Police Arrest MIRAI Mastermind

** Breaking News ** The German Prosecutor’s Office in Cologne and the German Federal Police announced today that they have arrested a British national whom they accuse of being the mastermind behind last year’s Internet of Things attack (the MIRAI attack). The original press release (in German) is here: The Google-translated version of the press release…

Let’s talk about SOC baby, let’s talk about you and me

Over the past 10 years that we’ve grown Milton Security, our strategy has always been to assist our clients in mitigating risk, securing their assets, and going above & beyond expectations. We have learned a lot over this time period. The single most recurring theme we’ve seen is one of resource constraints, including budget,…
