Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.
This week was split up into research, bug fixes and the detection and report listed below!
Your Mira provided cybersecurity horoscope for today:
By utilizing Blumira to safeguard your environment, the stars align favorably for your venture. Your foresight in choosing advanced cybersecurity solutions heralds a period of robust protection and trust, strengthening your relationships and business ventures. Innovations and strategic decisions will lead to growth, setting you apart as a leader in your industry. The commitment to excellence and security you've shown will attract prosperous opportunities and lasting success.
This update introduces several new detections, including:
This TTP has been associated with SocGholish incidents and is a valid indicator of suspicious behavior that should be investigated. This detection identifies when JavaScript files are run from User or Public user directories (downloads, desktop, etc). For more information, click here.
This update introduces new global reports, including:
This global report has been created to find Google Workspace docs or drive items that have had their ACL (Access Control List) modified. For best results you can customize the report with the target and actor not containing your domain(s) to remove internal changes.