On February 3rd, 2023, Todyl's MXDR observed threat actors using OneNote to deploy Qbot. This blog explores what the attack chain looks like and the key takeaways for businesses.
CISA, the NSA, and MS-ISAC released a joint advisory warning organizations that threat actors are using legitimate RMM tools to control victim machines after initial compromise. Get the key takeaways here.
On November 17, 2022, Todyl’s MXDR team observed new infections from a campaign that included the IcedID Trojan. This new activity targets users in the US with IRS notifications and file names.
In this blog, we provide background on LAPSUS$, a high-level overview of the Okta breach, and ways Todyl can help to detect and identify malicious activity.
On January 25, 2022, a local privilege escalation vulnerability was disclosed by Qualys. Todyl's Detection and Response Team implemented detection rules and is closely monitoring developments.