It came to our attention that under certain circumstances, after the upgrade to ASGARD 2.11, some ASGARD instances lost their scheduled task to automatically assign the newest signatures to scan jobs . We advice customers to review their update configuration if they...
We've created two ASGARD playbooks that can help you find Log4j libraries affected by CVE-2021-44228 (log4shell) and CVE-2021-45046 in your environment. Both playbooks can be found in our public Github repository. We've created a playbook named "log4j-analysis" that...
We have reviewed our products in order to identify services that use the vulnerable log4j library. Only Elastic Search in ASGARD Analysis Cockpit uses log4j but is NOT vulnerable. "Elasticsearch is not susceptible to remote code execution with this vulnerability due...
The Log4Shell vulnerability (CVE-2021-44228) in log4j is actively exploited in-the-wild and highly critical. This blog posts lists some important web resources and the signatures that detect exploitation attempts.LunaSec reported first on the vulnerability.Use this...
We have received reports from customers that were approached by service providers that offered compromise assessments with our scanner THOR. Subsequently, it appeared, however, that these providers used THOR Lite in their engagements and, when asked about this, argued...
The following recorded video session includes information about our new Sigma-based EDR agent called "Aurora" and the free "Aurora Lite". It's a preview of the agent with information on its features, limits, advantages and a live demo. The release is scheduled for...
We are glad to announce a new ASGARD Management Center (AMC) release with exciting new features and improvements.Sigma LogWatcher LogWatcher is a new service that applies Sigma rules to Windows Eventlog entries. It uses the big public Sigma rule base and has access to...
Since THOR and THOR Lite are tools written for digital forensic experts, they can be difficult to use. There is often a steep learning curve in the beginning. We'd like to help new users pass these first steps in a playful way by providing a TryHackMe challenge in...
The newest version 10.6.11 of THOR for macOS now has support for Apple's M1 platform. The THOR scanner binary is now a "universal" binary that runs on both supported platforms. You can find a list of supported architectures and operating systems in the respective...
Malware that deploys crypto mining software has become more and more popular and annoying. It's not always possible to scan every device in your network with our free or commercial compromise assessment scanners. The good news is that the mining pools for the most...
The following video shows a compromise assessment with our free THOR Lite scanner on a Microsoft Exchange 2019 server detecting ProxyShell and ProxyToken exploitation. We've done no post-editing in this video. You can jump to all findings using the video chapters....
Today, on 26th of August, we upgrade our update service infrastructure to a completely new service. What stays the same: Server names and IPs SSL/TLS Certificates What gets changed: We replace the service that handles requests and serves the update packages Affected...