Name: August 2023 TRU Intelligence Briefing
Start: 2023-08-17T17:05:00Z
End: 2023-08-17T17:05:40.000Z
Location: BrightTALK
Rating: 5

eSentire, Inc., the Authority in Managed Detection and Response (MDR), protects the critical data and applications of 2000+ organizations in 80+ countries, across 35 industries from known and unknown cyber threats by providing Exposure Management, Managed Detection and Response and Incident Response services designed to build an organization’s cyber resilience & prevent business disruption. Founded in 2001, eSentire protects the world’s most targeted organizations with 65% of its global base recognized as critical infrastructure, vital to economic health and stability. By combining open XDR platform technology, 24/7 threat hunting, and proven security operations leadership, eSentire's award-winning MDR services and team of experts help organizations anticipate, withstand and recover from cyberattacks.  
For more information, visit www.esentire.com and follow @eSentire

Today's cybersecurity landscape is dominated by identity-focused attacks. Identity-driven threats have increased by 156% between 2023 and 2025, now representing 59% of all confirmed threat cases across the eSentire customer base.

Join Spence Hutchinson, Senior Manager, Threat Intelligence Research at eSentire as he shares new research from eSentire’s Threat Response Unit (TRU) that explores how the cybersecurity threat landscape has transformed significantly with identity-based attacks emerging as one of the most dominant threat vectors.

October 2025 ANZ TRU Intelligence Briefing On-Demand

Join eSentire’s Threat Response Unit (TRU) as they share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape.

During the October Threat Intelligence Briefing, TRU reviewed:
- What’s the Fuss About NPM Attacks? The rising threat of malicious NPM packages from a threat intelligence viewpoint. The TRU team will examine how attackers exploit the software supply chain, highlight emerging trends and attacker behaviors, with real world examples, allowing you to understand the threat landscape and patterns observed across the ecosystem.
- NPM Package Compromise & Shai-Hulud Campaign: Safeguarding GitHub from Supply Chain Attacks. The TRU team will discuss how malicious actors compromise supply chains with our observations, highlight detection engineering and threat hunt efforts, and offer best practices to fortify against these emerging threats.
- Threat Landscape: Notable threats including malware observed by eSentire’s SOC (CastleBot, EthNodeBot, DarkCloud Stealer) as well as recently disclosed vulnerabilities (CVE-2025-26399 – SolarWinds, CVE-2025-20352 & CVE-2025-20333 – Cisco, CVE-2025-10035 - GoAnyWhere MFT).
- A brief geopolitical update on activity recently attributed to Iranian state-sponsored threat actors.
This webinar also included a live Q&A.

October 2025 TRU Intelligence Briefing On-Demand

Join eSentire’s Threat Response Unit (TRU) as they share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape.
During the September Threat Intelligence Briefing, TRU reviewed:
- VPN and Firewall Edge Appliance Compromises: Recent global trends in VPN and firewall appliance compromises, including SonicWall, Fortinet, Cisco. The session will focus on threat actor activity, attack chains, exploited vulnerabilities, and key intelligence insights.
- High Value Targets - SonicWall Edition: Recent ransomware intrusions involving SonicWall devices to highlight adversary behavior, detections opportunities throughout the attack chain, and provide mitigation recommendations.
- Threat Landscape: Notable vulnerabilities (CVE-2025-25256 - NetScaler, CVE-2025-31324, CVE-2025-42999 – SAP, and CVE-2025-7775 – NetScaler) as well as malware recently observed by eSentire’s SOC (OtterCookie, HijackLoader, and PureRAT.).
This webinar also included a live Q&A.

September 2025 TRU Intelligence Briefing On-Demand

Join eSentire’s Threat Response Unit (TRU) as they share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape.

During the August Threat Intelligence Briefing, TRU reviewed:
- Machine Key Abuse: An overview of View State code injection attacks, a sophisticated technique exploiting publicly known or compromised keys to execute malicious code and establish persistent, stealthy footholds on servers. This method has gained significant attention due to the recent surge in "Toolshell" exploitation campaigns and will likely lead to wider adoption.
- ToolShell Observations: Observations surrounding ToolShell exploitation including the different webshells eSentire has investigated along with mitigation and detection recommendations.
- Threat Landscape: Malware observed by eSentire’s SOC (Interlock Backdoor, ShadowCoil, WEEVILPROXY), and recently disclosed critical vulnerabilities (CVE-2025-54309 [CrushFTP], CVE-2025-20281 & CVE-2025-20337 [Cisco], CVE-2025-47812 [WingFTP]).
- A brief geopolitical update on Chinese state-sponsored APT activity.
This webinar also included a live Q&A.

August 2025 TRU Intelligence Briefing On-Demand

Join eSentire’s Threat Response Unit (TRU) as they share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape.

During the July Threat Intelligence Briefing, TRU reviewed:
- Email Bombing and Microsoft Teams-Related Threats: Emerging threats targeting enterprise communication platforms, with a focus on email bombing campaigns and Microsoft
- Inbox Storm: Global insights into email bombing campaigns and the associated malware trends as well as an outlook on the anticipated evolution of this threat.
- Threat Landscape: Malware recently observed by eSentire's SOC, including CleanUpLoader, LegionLoader, and SilentRoute, as well as notable recently disclosed vulnerabilities (CVE-2025-5777, CVE-2025-5349, CVE-2025-6543 - Citrix, CVE-2025-5349 – Veeam, CVE-2025-33053 - Microsoft Windows).
- A brief geopolitical update on Iranian cyberattacks given the recent Israel-Iran conflict.
This webinar also included a live Q&A.

July 2025 TRU Intelligence Briefing On-Demand

In our newest threat briefing, we've compiled research conducted by eSentire’s Threat Response Unit (TRU) over the past year that highlights the most pressing threats impacting global organisations, such as business email compromise (BEC) attacks, signed malware, and ransomware.

Join Paul Aitken, Team Lead, Threat Intelligence at eSentire as he walks through new threat landscape observations based on cybersecurity incidents from across the eSentire customer base.

June 2025 ANZ TRU Intelligence Briefing On-Demand

Join eSentire’s Threat Response Unit (TRU) as they share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape. 

During the June Threat Intelligence Briefing, TRU reviewed:
- New Identity Research from the TRU Team 
      - Identity Threats Exposed - Breaking Down the Numbers: Identity threats are on the rise, with threat actors using compromised credentials and making these identities central to their attack. Join the TRU team during the June webinar as they share original research that exposes the major identity-based attack trends from 2023-2025, including advanced phishing, brute force tactics, credential abuse and the rising surge of account takeovers.
     - Defending Against Identity Related Threats in 2025: The TRU team will reveal the latest identity-based threats observed by eSentire from insights across our customer base, show you how to spot them, and arm you with proactive defense strategies to protect your organization.
     - Threat Landscape: A review of notable vulnerabilities (CVE-2025-4427& CVE-2025-4428 – Ivanti, CVE-2025-32756 – Fortinet, CVE-2025-4632 – Samsung), and malware recently observed by eSentire’s SOC including BeaverTail, Lumma Stealer, and ResolverRAT.
- A brief geopolitical update on cyberattacks related to ongoing tensions.

This webinar also included a live Q&A.

June 2025 TRU Intelligence Briefing On-Demand

As cyber threats grow in volume and sophistication, organizations need more than periodic scans and reactive patching. Continuous Threat Exposure Management (CTEM) offers a proactive, structured approach to reducing risk across your entire attack surface – people, processes, and technology.

In this fireside chat webinar, Tia Hopkins and Bernard Montel discussed the importance of CTEM in enhancing cyber resilience and why the five stages of CTEM (i.e., scoping, discovery, prioritization, validation, and mobilization) are crucial for aligning security with business goals. They also highlight the role of Managed Detection and Response (MDR) in providing real-time visibility and prioritization based on actual threats.

Key topics discussed:
- The five essential stages of the CTEM framework – scoping, discovery, prioritization, validation, and mobilization – and why you can’t buy resilience in a box.
- How the expanding and complex attack surface demands a continuous, risk-based approach.
- How CTEM aligns with the NIST framework to help anticipate, withstand, recover, and adapt to cyber incidents.
- Use cases where real-world threat data enhances CTEM prioritization and how CTEM improves MDR operations.
- How exposure platforms map asset relationships to uncover and close critical vulnerabilities before they’re exploited.

Watch this webinar on-demand to learn how your organization can implement Continuous Threat Exposure Management (CTEM) to enhance your security outcomes, build cyber resilience, and prevent business disruption.

Building a Proactive Cyber Resilient Security Program with CTEM On-Demand

Join eSentire’s Threat Response Unit (TRU) as they share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape.

During the May Threat Intelligence Briefing, TRU reviewed:
- North Korean IT Workers - A Growing Insider Threat: How North Korean IT workers infiltrate organizations, covering their TTPs, IOCs, and emerging trends like AI-driven deception and global expansion.
- North Korean Remote IT Worker Observations: eSentire's observations relating to the North Korean Remote IT workers and mitigation recommendations.
- Threat Landscape: An overview of malware observed by eSentire’s Security Operation Center (SOC), with a focus on BackConnect, ClearFake, and NetSupport RAT. This section will also include details on three notable vulnerabilities (CVE-2025-31324 SAP NetWeaver, CVE-2025-32432 Craft CMS, CVE-2025-34028 Commvault).
- A brief geopolitical update on activity associated with a Russian state-sponsored APT group.
This webinar also included a live Q&A.

May 2025 TRU Intelligence Briefing - May 13th

As the cyber threat landscape evolves, organizations must move beyond traditional vulnerability and risk management programs to a more dynamic, continuous approach to risk reduction. Continuous Threat Exposure Management (CTEM) is a structured methodology that enables security teams to identify, prioritize, and mitigate exposures before they can be exploited.

In this webinar, Tia Hopkins, Chief Cyber Resilience Officer and Field CTO at eSentire, breaks down the five stages of the CTEM framework and demonstrates why CTEM is a critical component of a modern cybersecurity strategy.

Key discussion topics include:
- Learning how the CTEM framework’s five stages help organizations continuously assess and mitigate risk
- Discovering how to transition from vulnerability management to exposure management and CTEM
- Understanding what CTEM is and why it’s a game-changer for modern cybersecurity strategies
- Exploring how CTEM enhances MDR to create a more comprehensive security posture
- Gaining actionable insights on how to build a resilient security program that anticipates, withstands, and recovers from threats effectively

Watch this on-demand webinar to learn how your organization can build cyber resilience by integrating CTEM into your cybersecurity strategy.

Strengthening Cyber Resilience with Continuous Threat Exposure Management (CTEM)

Today’s security leaders are no longer satisfied with reactive Managed Detection and Response (MDR), they’re seeking a proactive approach that continuously advances their security posture, reduces risk, and delivers heightened levels of protection to their organization.

In this webinar, Mark Gillett, Vice President of Product Management at eSentire, explored the next evolution in security operations outlining the 7 core foundational elements required to achieve optimal threat detection and Next Level MDR including:

Full visibility of the attack surface and commercially available detections
The ability to detect attacks designed to evade existing security tech in near real time
The capability to rapidly investigate threats, accurately identify attacks and prevent business disruption
Watch this on-demand webinar to learn how Next Level MDR can advance your security operations and deliver greater value to your organization.

Elevate Your Security Operation: Leveraging Next Level Managed Detection and Response (MDR)

Join eSentire’s Threat Response Unit (TRU) as they share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape. 

During the April Threat Intelligence Briefing, TRU reviewed:
- Tycoon2FA: Insights on observations, detection coverage, and mitigation recommendations for the Tycoon2FA Phishing-as-a-Service kit.
- What the PhaaS - A Look at Top AiTM Services Leveraged in Attacks: An overview of recent trends in a surge of AiTM attacks in 2025 as well as a discussion around capabilities of Tycoon2FA, Mamba2FA and Sneaky2FA including how they intercept and replay authentication data to compromise accounts. The TRU team will also provide some insight into infrastructure used by these services and their customers.
- Threat Landscape: Malware recently observed by eSentire’s SOC (RansomHub, Koi Loader, Rhadamanthys Stealer) and notable vulnerabilities (CVE-2025-2825 CrushFTP, CVE-2025-24813 Apache, CVE-2025-29927 Next.js). 
- A brief geopolitical update on recent activity attributed to North Korean threat actors.
This webinar also included a live Q&A.

eSentire April 2025 TRU Intelligence Briefing - April 15th

eSentire's Managed Detection and Response (MDR) solution combines cutting-edge open XDR technology, multi‑signal threat intelligence, and the industry’s only 24/7 Elite Threat Hunters to help you take your security operation to the next level.

Watch this video to learn more.

Experience Next Level MDR with eSentire On-Demand

Join eSentire’s Threat Response Unit (TRU) as they share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape.

During the March Threat Intelligence Briefing, TRU reviewed:
- Black Basta Leak: Insights on the recent Black Basta chat leaks including top players, hierarchy and their TTPs.
- Email Bombing Observations and Mitigation Recommendation: An overview of what email bombing is, incident insights, as well as detections and mitigation recommendations organizations can follow.
- Threat Landscape: Malware recently observed by eSentire’s SOC including Xred Backdoor, Grandoreiro, and Netsupport RAT, as well as notable recently disclosed vulnerabilities (CVE-2025-0108 - Palo Alto, CVE-2024-53704 – SonicWall, and VMware zero-day vulnerabilities CVE-2025-22224, CVE-2025-22225, CVE-2025-22226).
- A brief geopolitical update on recent activity attributed to Russian state-sponsored threat actors.
This webinar also included a live Q&A.

March 2025 TRU Intelligence Briefing On-Demand

During this webinar, Tia is joined for an exclusive conversation with NFL great Shawn Barber. Shawn is a 10-year NFL veteran, with experience in both the Eagles and Chiefs organizations. A seasoned community leader and fierce competitor, Shawn will discuss the parallels between sport’s biggest stage and the battle facing security leaders today.

Discussion topics included:
- The importance of deep investigation and partnership in driving effective performance on and off the field
- Balancing an offensive game plan vs defensive expertise
- How security leaders can take their organization to the Next Level when it counts
- Why building and measuring Resilience is the key to your success - not only in business or on the football field but in the game of life

Watch this on-demand webinar to learn about the parallels between sport’s biggest stage and the battle facing security leaders.

Tailgating with Tia Hopkins and Shawn Barber On-Demand

In today's rapidly changing business landscape, security leaders face increasing pressure to stay ahead of disruption. However, they're faced with significant challenges: the ever-expanding cyber threat landscape and a severe shortage of skilled cybersecurity experts.

Despite this, organizations can still boost their cyber resilience by embracing proactive security measures, such as 24/7 threat detection, investigation, and response capabilities.

In this webinar Hannan Ghafoor, Solutions Architect, eSentire discussed:
- The cybersecurity skills gap and what’s required to train and retain staff for a 24/7 SOC
- The increasing complexity of cyber threats and the challenges faced by in-house security teams to investigate, contain, and respond to threats in order to prevent business disruption
- The benefits of outsourcing security operations by integrating an MDR provider to optimize security resources and manage costs effectively
- How MDR can address deficiencies in cybersecurity defenses, ensuring robust protection and adaptive measures against sophisticated threats
- Recommendations and questions to ask when evaluating MDR providers

Watch this on-demand webinar to learn how your organization can choose a proven MDR provider that aligns with your organization's unique cybersecurity requirements and goals.

Bridge the Cybersecurity Skills Gap with Managed Security Services On-Demand

eSentire’s Threat Response Unit (TRU) is a team of industry-renowned experts with real-world experience who are battle-tested to protect you against the most advanced cyber threats.

TRU is foundational to our Managed Detection and Response (MDR) service – no add-ons or additional cost required.

Every month, TRU hosts a live webinar to share new research-driven observations of malware, notable vulnerabilities, threat actor groups, and cyber activity affecting the threat landscape.

During the February Threat Intelligence Briefing, TRU will review:
- Fortinet FortiOS and FortiProxy Authentication Bypass (CVE-2024-55591) Overview and Mitigation Recommendations: An overview of CVE-2024-55591, an authentication bypass in the websocket module of FortiOS and FortiProxy, as well and share detection mechanisms and mitigation steps for organizations to follow.
- Mints Loader Campaign: Emerging research from TRU on recent Mints Loader campaigns, including their impact, eSentire's response and recommendations for organizations to stay protected.
- Threat Landscape: Malware recently observed by eSentire’s SOC including Lumma Stealer, Atomic Stealer, and the Earth Kapre Loader, as well as notable recently disclosed vulnerabilities (CVE-2024-40891 Zyxel, CVE-2024-55591 FortiOS, CVE-2025-23006 SonicWall).
- A brief update on recent North Korean Remote IT Worker activity.

February 2025 TRU Intelligence Briefing On-Demand

Watch this webinar presented in partnership with SC Media, Spence Hutchinson, Staff Threat Intelligence Researcher at eSentire and Adrian Sanabria, Main Host, Enterprise Security Weekly to learn about the latest ransomware trends and strategies you can use to put your business ahead of disruption.

What you’ll learn:
- Ransomware-as-a-Service (RaaS): How ransomware gangs mimic corporate structures. From RaaS to high-stakes negotiation strategies, understand how they operate, fund, and execute their attacks.
- Methods to disrupt the ransomware playbook: Learn proven methods to disrupt their playbook and outpace their advances by leveraging 24/7 Threat Detection and Response Capabilities that include 24/7 Monitoring and Proactive Threat Hunting.
- Best practices for building a ransomware-resilient organization: Understand how to fortify your organization's defenses, enhance incident response, and ensure long-term resilience against ransomware attacks.
- How to leverage emerging government regulations: Stay up to date on the latest regulatory requirements and learn how to reinforce your cybersecurity posture.
This webinar also includes a live Q&A.

Inside Ransomware, Inc.: Defeating the Corporate Machine Driving Cybercrime On-Demand

In this month’s TRU Intelligence Briefing, the Threat Response Unit reviewed:
- Threat Landscape: A review of recently observed malware by the SOC such as Raspberry Robin, SolarMarker and SectopRAT, and notable vulnerabilities impacting Citrix (CVE-2023-3519), Invanti (CVE-2023-35078, CVE-2023-35081) and Zimbra (CVE-2023-3870)
- A brief overview on cyberattacks related to ongoing geo-political tensions.
- BatLoader Malware – background on the threat and current MSIX campaign, including brand impersonation, targets, and abuse of code signing certificates.
- Tactical Threat Response (TTR) – BatLoader Malware: eSentire response actions relating to BatLoader and recommendations/best practices for defending against this threat.

August 2023 TRU Intelligence Briefing

Threat Intelligence

Threat Hunting

Malware

Vulnerabilities

Cyber Intelligence

Cyber Attacks

Threat Research

Cyber Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Information Technology

Get powerful emerging technology insights from influential experts. Connect with thought leaders and colleagues to get the most up-to-date knowledge on technologies like 3D printing, pervasive robotics, natural interfaces, connected everything and cognitive systems.

Emerging Technologies

The research and development community on BrightTALK brings together leading professionals in healthcare, technology and manufacturing to present on current topics in their fields. From big data in healthcare to online forensics training and medical research practices, the community is an exceptional resource for those looking to expand their knowledge. Be part of the conversation by joining the community and participating in interactive live webinars.

August 2023 TRU Intelligence Briefing

Presented by

About this talk

eSentire