At Huntress, we believe:
- ALL businesses deserve enterprise-grade security, not just the 1%
- Cybersecurity should be accessible, not exclusive
- Local governments, schools, hospitals, and manufacturers deserve the same protection as big tech
- Protecting organizations below the cybersecurity poverty line is one of the most urgent challenges in our industry

And our new strategic advisory board member thinks so, too.

We’re honored to welcome Jen Easterly to the Huntress Strategic Advisory Board. With decades of experience leading security efforts at the highest levels, she’s joining Huntress to help solve a problem we’ve both been tackling from different angles for years: how to protect the millions of organizations that fall below the cybersecurity poverty line.

“Cybercrime is outpacing the growth of most U.S. businesses, state-sponsored actors are relentlessly targeting critical infrastructure, and threat actors are continually evolving their tactics… That’s why I’m excited to join Huntress to disrupt threat actors in bold, innovative ways and make a real, measurable impact on our community,” -- Jen Easterly.

She’ll be joining us live at #BHUSA, Booth 2451. Come say “hey.” Read more about her appointment here: https://lnkd.in/gN8G-zsA
Huntress
Computer and Network Security
Columbia, Maryland 99,066 followers
Managed #cybersecurity without the complexity. EDR, ITDR, SIEM & SAT crafted for under-resourced IT and Security teams.
About us
Protect Your Endpoints, Identities, Logs, and Employees. The fully managed security platform that combines endpoint detection and response, Microsoft 365 identity protection, a predictably affordable SIEM and science-based security awareness training. Powered by custom-built enterprise technology for mid-market enterprises, small businesses, and the MSPs that support them and delivered by unrivaled industry analysts in our 24/7 Security Operations Center. By delivering a suite of purpose-built solutions that meet budget, security, and peace-of-mind requirements, Huntress is how the globe’s most underresourced businesses defend against today’s cyberthreats. As long as hackers keep hacking, we keep hunting.
- Website
- https://huntress.com
- Industry
- Computer and Network Security
- Company size
- 501-1,000 employees
- Headquarters
- Columbia, Maryland
- Type
- Privately Held
- Founded
- 2015
- Specialties
- Cyber Breach Detection, Incident Response, Endpoint Protection, Malware Analysis, and Managed Services
Locations
-
Primary
6996 Columbia Gateway Dr
Columbia, Maryland 21046, US
Updates
-
We're closing the books on #BHUSA. Day 1, we built our BlackHat HQ, stocked it with swag, and got to work. Day 2, we went full throttle. From packed theater sessions and booth deep-dives to swag sightings in the wild, our crew made the most of every minute.

🏎️ Highlights from our final lap:
✔️ A pit stop at the Microsoft booth (sprinkle donuts included) 🍩
✔️ Demos running hot ‘til the very end
✔️ Hanging out with our partners
✔️ Monster consumption reaching legendary status

BlackHat 2025: thanks for the conversations, the laughs, and the opportunity to push our mission forward. Until next time… 💪 Huntress
-
Dear Diary, Finished day one at #BHUSA. Spirits are high. Caffeine levels are…concerning. The booth is built. The swag is flowing. And the team? Already wrecking threats and making new friends.

Some early highlights:
✔️ Ate lunch on the floor like seasoned conference goblins
✔️ Had three people ask what ClickFix is
✔️ Welcomed our newest Huntress Advisory Board Member, Jen Easterly
✔️ Spotted a guy carrying an open laptop and two Monsters (I think his name was Kyle)

Will report back tomorrow. 💪 Huntress
-
Today at #BHUSA: A Boss Level double feature! 🎙️ Strategic vision with Jen Easterly 🔐 Full access AMA with John Hammond & Jonathan Johnson ⚡ Back-to-back at Booth 2451.
-
Cybersecurity isn’t just for the 1%. We build for the internal teams doing more with less, the IT pros wearing too many hats, and the MSPs holding the line.

This week at #BHUSA, we’re showing how:
🔐 Real attacks get shut down in real time
🎯 Detection goes deeper than signatures
🤝 Hackers who don’t just defend, they hunt

Want to go deeper? Catch John Hammond unpacking stealthy Linux persistence techniques you’ve probably never seen. Then join us on August 7 at Booth 2246 for our joint session with Microsoft. (We’re talking more coverage, less spend.) All week long at Booth 2451. See you there.
-
🕵️‍♂️ What’s lurking in the depths of the dark web? This month’s Tradecraft Tuesday takes you into the shadows to explore:
👉 The types of data sold and how it’s monetized
👉 Risks for organizations targeted by initial access brokers
👉 Examples of shady activity, like Play ransomware

Our experts will peel back the layers and give you the info needed to stay safe from dark web shadiness. Don’t miss out, register now: https://lnkd.in/gHmT-6jg
-
⚠️ Huntress has been responding to an ongoing wave of high-severity Akira ransomware incidents originating from SonicWall devices.
- We’ve seen around 20 different attacks so far, with the first of these starting on July 25
- Some of the attackers in these incidents have at least part of the same playbook
- We’ve seen threat actors using tools like Advanced_IP_Scanner, WinRAR, and FileZilla, and installing new accounts or full-blown RMMs like AnyDesk for persistence

What should you do?
✅ Disable your SonicWall VPN. We strongly advise you to disable SSL VPN access on your SonicWall appliances until an official patch and guidance are released.
✅ If you can't disable it, lock it down. If the VPN is business-critical, immediately restrict access to a minimal allow-list of known, trusted IP addresses. Segment the network to prevent a breach of the appliance from immediately providing access to critical servers like domain controllers.
✅ Learn more about this active exploit and get an up-to-date list of indicators of compromise: https://lnkd.in/gsJS5Qpr

👀 Help the Huntress SOC! If you're a SonicWall user, you can help us gather more intelligence on this exploit and the surrounding activity by spinning up a free trial of SIEM: https://lnkd.in/gPHHzcyN
-
Heads up: our SOC has eyes on what appears to be active exploitation of SonicWall devices, possibly a zero day. We’re seeing threat actors bypass MFA, pivot to domain controllers, and deploy ransomware like Akira. Our Senior SOC Manager Dray A. just broke it down in a post that’s making the rounds across LinkedIn. If you manage SonicWall infrastructure, take 3 minutes and read this now. IOCs + guidance. 👇👇👇
🚨 Sonicwall Exploitation (zero day?) 🚨

Update: we have a blog on this https://lnkd.in/gcrD5uxn

👀 What is happening 👀
Huntress has observed a number of threat actors gain access into internal networks via Sonicwall devices. This is happening at a pace that suggests exploitation, possibly a zero day exploit in Sonicwall. Threat actors have gained control of accounts that even have MFA deployed. Threat actors are pivoting from the Sonicwall device straight to the DC. Their post-compromise activities range from ransomware (akira, we suspect) to creating additional users for persistence.

⁉️ What should I do / what does Huntress advise ⁉️
We first advise that the Sonicwall VPN services are disabled, until a patch or communication from Sonicwall materialises.
If the Sonicwall VPN must be kept online, restrict VPN access to a number of trusted IPs, and segment the network to limit pivot opportunities.
Contact Sonicwall support for more information and guidance, as so far there have not been any comms from Sonicwall.
If you're a current Huntress partner, ensure you've deployed Huntress SIEM and are exporting your Sonicwall logs, to allow us additional security visibility, and please make sure our EDR is installed on all machines.
If you're not yet a Huntress partner, leverage our trial for monitoring (if you want, disable the trial after when this Sonicwall situ is done, I'm not after your money 🙏) https://lnkd.in/efYiNJdr

🔍 IPv4s observed 🔍
142.252.99[.]59 45.86.208[.]240 77.247.126[.]239 104.238.205[.]105 193.239.236[.]149 104.238.220[.]216 193.163.194[.]7 194.33.45[.]155 64.44.118[.]206 185.199.103[.]100