Welcome to our weekly security detection and report update. Our Incident Detection Engineering (IDE) Team is constantly hard at work. Creating, testing, and writing detections for you! This week, we've made several important updates to improve your security posture and enhance the functionality of our detections. As you might know, monthly, we also release an overview of the entirety of what was changed in the product. However in these updates we'll focus on the net new content that IDE provides on an ongoing basis, musings from our team, and maybe the occasional horoscope if you're lucky.
Introduction and Overview
This week we spent working on prepping some awesome top secret upcoming features, and also some fun curl commands on windows.
New Detections
This update introduces:
File Download from IP URL via Curl.EXE
Curl is a command line tool that is most commonly used to transfer data to and from a server. While it is a useful tool for administrators and developers, it is also used by threat actors to download malicious files and applications from their attack infrastructure. Curl is packaged by default with Windows 10 and higher.
Amanda Berlin is Lead Incident Detection Engineer at Blumira, bringing nearly two decades of experience to her position. At Blumira she leads a team of incident detection engineers who are responsible for creating new detections based on threat intelligence and research for the Blumira platform. An accomplished...
