Blog

In an unfolding crisis that strikes at the heart of America’s maritime defense capabilities, Eastern Shipbuilding Group, Inc., a cornerstone in the construction of the United States Coast Guard’s (USCG) Offshore Patrol Cutter (OPC) fleet, faces a dire situation that could have far-reaching implications for national security. This comes in the wake of a cybersecurity…

Author: David Maynor James McMurry ‘s post the other day got me thinking about Waffles. Who doesn’t like Waffles right?  Especially from Waffle House. The resilience and adaptability inherent in both the evolution of the LockBit ransomware group and the operational steadfastness of Waffle House, though under vastly different circumstances, highlight key principles in navigating…

Just when we thought we’d seen it all, LockBit, the notorious ransomware heavyweight, got knocked down only to bounce back up with a cheeky grin. It’s like that moment in a movie when the villain you thought was done for winks at the camera, and you know the sequel’s going to be epic. Welcome to…

Ah, gather ’round, dear friends, for the curious case of Pearl, the IT Administrator who took “casual Fridays” to mean “casual cybersecurity.” You see, Pearl was the sort of chap who loved the comforts of his home office so much that he ensured the firewall at his workplace was as welcoming as an open-door neighborhood…

Your Data, Your Rules Data isn’t just numbers and bytes; it’s the DNA of your cybersecurity. That’s why we’re flipping the script and offering free data retention in cold storage for all our contracted Threat Hunting clients. Trust Isn’t Bought, It’s Earned You’ve trusted us to safeguard your digital treasure trove. Now we’re returning the…

As the Labor Day weekend rolls in, and families across the nation take a well-deserved break, I find myself reflecting on the ever-evolving challenge that is cybersecurity. In a world where digital interactions define our daily lives, the importance of robust cyber defenses cannot be overstated. It brings to mind a quote by Winston Churchill:…

As the Director of Security and Threat Operations at ThreatHunter.ai, I’ve seen my fair share of battles in the war against bad hackers, APTs, and ransomware. And every time, my team and I are ready to fight. Recently, we faced a new threat – a ransomware attack that was quickly spreading to other companies in…

As someone who has spent over 25 years in the IT and information security field, I have seen a lot of changes and trends come and go. But one thing that has remained consistent throughout the years is the importance of doing the basics when it comes to improving security. While it may not be…

As the CEO and Founder of ThreatHunter.ai, and known in some circles as the Whiskey Hacker, I’ve dedicated my life to creating an innovative cybersecurity solution that tackles common challenges like alert fatigue, improper system tuning, outdated threat intelligence, and lack of continuous real-time event correlation. But above all, my passion and motivation stem from…

In today’s world, businesses face an ever-increasing number of cyber threats, ranging from ransomware attacks to zero-day vulnerabilities. With the rise of threat actors and their advanced tactics, businesses need to be proactive in their approach to cybersecurity. That’s where threat hunting comes in. In this blog post, we’ll explore the benefits of threat hunting…

Cybersecurity is more complex than ever, with threats evolving and becoming more sophisticated every day. That’s why ThreatHunter.ai is proud to announce the launch of its comprehensive FIVE EYES cybersecurity solution, designed to provide complete coverage and protection against all manner of threats. FIVE EYES represents the culmination of ThreatHunter.ai’s decades of experience in the…

Happy Tuesday ! Rev up those patching engines, WSUS and SCCM! Microsoft has just released updates for a whopping 109 vulnerabilities! Out of those, 9 are critical, and you need to pay attention to two of them right away. The first one is the Windows SmartScreen Security Feature Bypass Vulnerability, which you can find at…

I want to share something I sent internally today to everyone at Milton/ThreatHunter.ai. I think we all forget to be proud of our accomplishments, in every part of our life. I am so proud of what everyone has done at ThreatHunter.ai has done, and I want them to be proud of it, they have built something from…

Fortinet has released security advisory FG-IR-22-398, warning that the heap-based buffer overflow vulnerability in its FortiOS SSL-VPN has been actively exploited in attacks. The company recommends that all users update to the following versions to fix the bug: FortiOS 6.4.3 to 6.4.3.14, 6.2.6 to 6.2.6.6, and 5.6.12 to 5.6.12.5. Additionally, Fortinet has provided indicators of…

December 6, 2022 In today’s digital world, businesses of all sizes are under constant threat from cyber attacks. From fishing, phishing, vishing to ransomware and malware, attackers are using increasingly sophisticated tactics to breach networks and steal sensitive and ransom data. To defend against these threats, businesses must adopt a hyper-proactive approach to cybersecurity. This…

Here’s a Friday tech tip before you head out for the weekend.You know how your users (and sometimes even yourself) get locked out of their accounts, and they don’t know where they logged in exactly? Going to the AD Event viewer is not always very helpful either.You see the account name and the error message,…

You’re sitting on the beautiful Palm Beach in Aruba, the waves gently lapping onto the shore. The sun is shining and your skin is soaking up every last ray while you’re sipping on your White Whiskey Punch. Suddenly there is a knock at the door and you are snapped back to reality. You find yourself…

On Microsoft’s Patch Tuesday for April 12, 2022, Microsoft issued a slew of patches including one for a Remote Procedure Call (RPC) Runtime Remote Code Execution (RCE) Vulnerability which is listed as CVE-2022-26809. This CVE holds a CVSS score of 9.8 and is listed as Critical. About CVE-2022-26809 The Remote Procedure Call Runtime Remote Code…

Earlier this month Congress passed a huge bill, which included a 9,099 word section on the Cyber Incident Reporting for Critical Infrastructure Act of 2022. But don’t worry, because you don’t have to read it. In this post, we’ll let you know the highlights of the Cyber Incident Reporting for Critical Infrastructure Act of 2022…

A Domain Generation Algorithm (DGA) is pretty much exactly like it sounds. It is a technique that attackers use to automate the generation of dynamic domain names and IPs that can point back to their Command & Control servers in an effort to avoid detection. Summer is coming, so this metaphor is apropo – think…

In our last blog post I provided 4 reasons why you need MDR, right now!. To recap, those reasons are: Mean Time To Detect Mean Time To Alert / Notify Mean Time To Respond Mean Time To Mitigate / Stop Today we’re going to discuss the first crucial idea for analyzing your security posture and protecting…

With Russia and Ukraine plastered all over every media outlet recently, I was taking some time to reflect on what this meant for organizations. There is a lot of Fear, Uncertainty, and Doubt (FUD as we like to call it) running rampant through the minds of leaders who are desperately trying to keep their organizations…

With the war drums beating louder and louder every day and Russia moving troops and equipment around Ukraine, a broader dis-information campaign and cyber attacks against Ukraine started weeks ago. These attacks have gradually picked up pace, including the defacement of Ukrainian government websites last week. In response to the increasing tensions and signs pointing…

2021 was truly an eventful year for cybersecurity, from start to finish. We saw all the same issues we saw in 2020 and before; Ransomware, Supply Chain Attacks, DDoS, Defacements, just to name a few. Through it all, we at Milton, along with many others in the Cybersecurity / Infosec industry keep repeating the same…

If you’re looking for important days or events in October, you’ll probably stumble across a bunch of sites listing out individual days that are loosely observed both nationally and internationally. For example, October 1st, among other things, is recognized as International Coffee Day and October 10th is World Mental Health Day – both great days…

This is the final installment of our 12 weeks of Q&A, but don’t let that deter you from ever asking more questions. I’m always available to answer any questions that you might have, whether general or technical, so don’t be bashful and hit reply to this email and let me know what’s on your mind….

Welcome back! There’s been a lot going on in the cybersecurity / Infosec world over the last couple of months. Every day on the news we hear about new ransomware targets, 0-day exploits in the wild (like the PrintNightmare and Kaseya exploits) and other malicious activity from nation-states and groups that are taking advantage of…

UPDATED 7/2/21: We’ve included additional guidance for mitigating this exploit as well as a method for detection. For your security, please take this notice seriously. A new 0-day exploit, dubbed PrintNightmare, has been discovered in the wild that is allowing attackers to gain access to Windows Domain Controllers (DC) and execute remote code. Yes, authentication…

It’s been a couple weeks since we posted a Q&A. We were busy celebrating our 14th anniversary as an organization and while that’s not one of the “big” birthdays, we wanted to take the time to reflect on where we started and how far we’ve come so far.In all of the celebration, we wanted to…

Hello again! This week’s email might feel a little different than previous weeks. Today, I’m going to take you on a tour of our Security Operations Center (SOC). Before you ask, yes, it’s still completely locked down and secure at all times due to the very sensitive nature of our work and, of course, DFAR…

Before our brief detour last week to walk through the Colonial Pipeline breach and the craziness that stemmed from the shutdown of their IT, OT, and IC systems, we were talking about threat intelligence, and more specifically, Attack Vectors. Remember that malicious actors use attack vectors to exploit your people, processes, and technology. We also…

While it’s easy to slip into a mode of fear, uncertainty, and doubt (just take a look at the gas stations on the East Coast), my intent is to provide some knowledge and education around the global threat that is ransomware. So what exactly happened with Colonial Pipeline? On May 7th, Colonial Pipeline Co., which…

Hello again! Last week we did a deep dive into data collection and how that data travels through the MACeBox and winds up at MACeHome. Now that it’s here, we need to begin building out our threat intelligence so that we can identify threats and respond accordingly. There are a few different ways that we…

In a previous Milton Q&A we talked about how we collect data and introduced you to the MACeBox, our Milton Argos Collection Engine system. The MACe really is the heart of the collection process. We also gave many examples of log types we collect, but we left it all at a very high level. Today,…

Many of you have asked me over the years if I could do more to help your security program, which is a really humbling experience – to be trusted well enough by you that you want more help and support. And it’s something that I’ve been thinking about because the Milton Security team and I…

One of the first questions we were asked this week was, “How do you collect data needed to properly hunt?” As you know, data is crucial for you and your team to be able to make informed business decisions. The Milton Security team is no different. We collect data from a plethora of sources to…

April 22, 2021 Welcome to week 5 of our Milton Q&A! This week we are answering the question: “How does incident response work?” Here at Milton Security we are able to support you through all phases of security incident response, from preparation to detection & analysis and on through containment, eradication and recovery. In fact,…

Welcome to week 4 of our Q&A! Today we are going to discuss a question we get often. This one stems from an industry that has trained everyone to consider limited scopes. The question is: “Do you work with ?” For many providers, your question is met with a “No, But….” or a list of “integrations”…

The last couple of days we have seen an immense amount of information sharing in a very short period of time. Quite personal information that has been shared in a permanent and public fashion. Information that endangers multi-billion corporations, government agencies and personal fortunes. With this information in hand, malicious actors have an opportunity to…

Welcome to the third installment of Milton Q&A, where you ask the cybersecurity questions that are on your mind and I answer them. This week we are looking at the difference between MSSPs and MDR. Buckle up for this one, there’s a lot of acronyms and terms to cover. MSSPs (Managed Security Service Providers) provide two…

Hi again! In the first of our 12-part Q&A series last week, we answered the question “How do we collect data?” Today, we’re going to talk about what we do with that data once it arrives back at HQ. After the journey back to MACeHome, the collected data is passed through our AI/ML models (The…

Today in Spokane Washington Federal Court, the US Government unsealed indictments against two Chinese citizens for numerous charges related to hacking, gaining illegal access to systems, wire fraud, identity theft, and theft of trade secrets.This ongoing attack against the US and European Union started way back in 2009. Yes, you read that right, 11 years…

This month marks another birthday for Milton Security. While we’ve come across many black cats and can’t count the number of times we’ve debated walking under or around the ladder, this is one we couldn’t avoid. We’re turning 13.As you are probably keenly aware, we do love a challenge. Back when I came home and…

History as we know it, is recorded; somewhere by someone or something. We learn from these historical documents. They are entered as evidence in legal proceedings. We use these documents and pictures as a means of learning and education, to ensure we do not repeat past failures. To find the flaws and to correct as…

Of course when Jim was writing his last blog post, the embargo was ending on two major vulnerabilities within a range of CPU processors (aka Spectre & Meltdown). With Spectre & Meltdown, we are looking at a vulnerability that is worse than heartbleed and bash bug put together. At its basis, it appears this attack…

First, this is not one of those far reaching blog posts full of marketing speak, fear, uncertainty or doubt to get you to buy blinky lights. My personal goals for 2018 include, writing, sharing, and helping others more often. This past weekend, I started thinking about how I would accomplish this in 2018, when a…

An average organization has more than 50 technologies deployed that assist in keeping its most valued assets protected against a variety of attacks and adversaries but not enough experts to manage them. Moreover, how do organizations align their compliance efforts, defensive controls, and other security efforts with the business’ goals? Over more than 15 years…

A vulnerability was found by James Forshaw of Google Project Zero in January that exploits a bug in Windows COM Aggregate Marshaler that an attacker can use to elevate privileges. It gave Microsoft 90 days to patch, which they have with last month’s security updates. To exploit the vulnerability, an attacker could run a specially crafted application…

It is 2017, and gaining unauthorized access to systems is getting easier and easier. Seems a Biker Gang gained access to a key database for Jeep vehicles. Using this database they were able to look up VIN’s for 150 Jeep Wranglers in San Diego county, duplicate their keys, and make off with the vehicles which…

Much like the EternalBlue exploit that was released in April 2017 after being stolen from the NSA, Samba was discovered to have a remote code execution vulnerability as well. Dubbed ‘EternalRed’ by industry-types, this vulnerability dates as far as 2010. So even if you chose the red pill thinking Linux was a safer alternative, for 7 years…

In Early April, an advisory was released forCVE-2017-0199, the vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files.Patches that were released included mitigation for Office 2007/2010/2013/2016 and Wordpad for Windows versions Vista/7/8/2008/2012. It’s related to the Windows Object Linking and Embedding (OLE), it can be exploited through a Microsoft Word…

A few weeks ago ShadowBrokers released a dump of NSA/EquationGroup tools used to exploit various machines that they previously tried to auction off unsuccessfully. One of the exploits was for Windows SMB RCE which allowed an unauthenticated attacker to gain System-level privileges on target machines remotely by sending a specially crafted packet to a targeted SMB server….

Security is a big field that continues to grow year after year. Companies around the world keep innovating and creating products that are prime for hacking. When you take a hard look at how to protect yourself, you begin to feel like this is just a big game of chess, moves and countermoves. Luckily though,…

Lately my focus has been on looking at traffic. Whether it’s the traffic visiting the AsTech website, traffic at a client site that seems to indicate they are under attack, or traffic on a LAN segment, traffic is flowing all the time. So, I started to wonder, what is all this traffic? In my pursuits to pull…

There are many tasks for a development team to take on in the cyber security world, some are small and extremely complex while others are simpler but far larger in scope. One item in this later group is a process of what I like to call augmentation, or third party support, and it can be…

I read articles almost daily about the skills gap and lack of qualified personnel within the Information Security profession. Just recently, Forbes ran an article that stated by 2019 there will be a shortage of 2 million cyber security jobs. Entrepreneur ran an article entitled “Why you Should Consider Outsourcing Computer Security.” In that article…

I had a couple of weeks of transition and I was talking with my friend Jim McMurry and he was telling me he could hardly believe he started his company, Milton Security, 10 years ago. Wow! 10 years I thought, from an idea and a desire to a company that has had ups and downs…

This is an important year for me personally, and for the Milton family. Since starting Milton Security in 2007 I have always tried to make every new hire, and every new customer, a part of the Milton Family. Being part of a family is very different than using a product or service from other companies….

** Breaking News ** German Prosecutor Office in Cologne and the German Federal Police announced today they have arrested a British National who they are accusing of being the mastermind behind last years Internet of Things attack (MIRAI attack). The original press release (in German) is here : The Google translated version of the Press Release…

Over the past 10 years that we’ve grown Milton Security, our strategy has always been to assist our clients in mitigating risk, securing their assets and to go above & beyond expectations. We have learned a lot over this time period. The single most recurring theme we’ve seen is one of resource constraints including; budget,…