    April 15, 2024

    Security Detection Update - 2024-4-16

    Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, we also release a monthly overview of everything that changed in the product. However, in these weekly updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.

    Introduction and Overview

    This week was full of some detection maturity and threat research!


    New Detections

    This update introduces:

    Decimal Character Encoded Command

    No, it's not just the SpongeBob meme...

    This tactic is used by threat actors to obfuscate their commands and evade detection. Some administrators may also intentionally use this functionality, but it is extremely uncommon. For more information see here or here.

    • Status: Enabled
    • Log type requirement: Windows or Blumira Agent for Windows
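    To make the tactic concrete from the defender's side, here is an added example (not Blumira's detection logic, and not code from this post) that scans Windows process command lines for decimal character casts, decodes them, and flags the ones that hide a command. The post does not specify which syntax the detection keys on, so the PowerShell forms matched here (`[char]NN` and `[char[]](NN,NN,...)`), the minimum-length threshold, and the sample command lines are all this example's assumptions.

```python
import re

# Assumed encoding forms (this example's assumption, not stated in the post):
#   [char]119+[char]104+...          one cast per character
#   [char[]](119,104,111,...)        an array of decimal codes joined later
CHAR_CAST = re.compile(r"\[char\]\s*(\d{1,3})", re.IGNORECASE)
CHAR_ARRAY = re.compile(
    r"\[char\[\]\]\s*\(\s*((?:\d{1,3}\s*,\s*)+\d{1,3})\s*\)", re.IGNORECASE
)

# Admins occasionally cast one or two characters legitimately (e.g. a
# delimiter); a decoded run this long is far more likely to be a command.
MIN_DECODED_CHARS = 4


def decode_decimal_chars(cmdline):
    """Return the text hidden in decimal char casts, or '' if there are none."""
    codes = [int(c) for c in CHAR_CAST.findall(cmdline)]
    for group in CHAR_ARRAY.findall(cmdline):
        codes.extend(int(c) for c in group.split(","))
    # keep printable/control ASCII only; anything else is not a char code
    return "".join(chr(c) for c in codes if 0 < c < 128)


def inspect_command(cmdline):
    """Return (is_suspicious, decoded_text) for one process command line."""
    decoded = decode_decimal_chars(cmdline)
    return len(decoded) >= MIN_DECODED_CHARS, decoded


def flag_suspicious(cmdlines):
    """Return [(original_cmdline, decoded_text)] for every flagged command line."""
    flagged = []
    for cmdline in cmdlines:
        suspicious, decoded = inspect_command(cmdline)
        if suspicious:
            flagged.append((cmdline, decoded))
    return flagged


# Constructed sample command lines (not taken from any real log source).
SAMPLE_CMDLINES = [
    'powershell.exe -nop -c "& ([char]119+[char]104+[char]111+[char]97+[char]109+[char]105)"',
    'powershell.exe -c "$s=-join [char[]](119,104,111,97,109,105); & $s"',
    'powershell.exe -c "Write-Host ([char]65)"',   # a lone cast: benign
    "cmd.exe /c whoami",                            # nothing encoded
]

if __name__ == "__main__":
    for original, decoded in flag_suspicious(SAMPLE_CMDLINES):
        print(f"SUSPICIOUS decoded={decoded!r}  cmdline={original}")
```

The first two samples decode to the same plain command and are flagged; the single-character cast and the unencoded command line are not.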


    IDE Content

    Of course we're going to sneak some of our other content into detection updates!

    CVE-2024-3400: Palo Alto Vulnerabilities in GlobalProtect Gateway Lead to RCE

    On Friday (4-12-24), Palo Alto announced a new critical vulnerability in devices running their GlobalProtect Gateway. Successful exploitation of this vulnerability leads to command injection and allows an attacker to run arbitrary code as root on the device.

    Palo Alto disclosed that they are aware of a “limited number of attacks” using this vulnerability (CVE-2024-3400) in the wild. However, since this is a publicly facing service, it’s more than likely that attackers will begin to increasingly leverage this vulnerability.

    Amanda Berlin

    Amanda Berlin is Lead Incident Detection Engineer at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An accomplished...
