Changelog

Follow up on the latest improvements and updates.

Archie, the mayor of Sludge Springs, has some beef with Curriculaville consistently winning the Cleanest Town Award. He'll use whatever dirty trick he can to stop them from winning it again.
  • Define deepfakes and demonstrate how they are created
  • Explain deepfake risks in work and daily life
  • Provide steps to verify the authenticity of suspicious requests
  • Identify ways to protect yourself against becoming a deepfake
We are excited to announce that Rogue Apps is now generally available in Huntress Managed ITDR. Rogue Apps is Managed ITDR's latest capability to detect and remediate malicious enterprise applications in your Microsoft tenants. Rogue Apps detects two forms of malicious applications:
  • Traitorware - legitimate applications found by Huntress to be frequently abused by attackers. To date, our list of Traitorware applications included eM Client, PerfectData Software, Newsletter Software Supermailer, Rclone, and CloudSponge. We will continue to expand this list as we discover more use cases.
  • Stealthware - unknown applications which are rare and have powerful permissions. These globally unique single or multi-tenanted malicious applications provide threat actors a backdoor into an identity or tenant environment.
This new capability detects and disables Traitorware and Stealthware applications in your tenant(s), and disables identities with permissions delegated to these applications. You can access the Rogue Apps dashboard under the ITDR icon in the left navigation panel in the Huntress portal. Here, you can view all installed applications across all of your tenants.

new

Platform

Managed EDR

Managed SIEM

Billing

Update - Managing an Organization's Billable Products

We're excited to share an update with everyone: Partner account Admins now have the ability to enable/disable products for their Organizations. On the Organizations page, partners can now selectively choose which Organizations should have access to Huntress Managed EDR and Managed SIEM, which allows for a more granular and controlled approach to selling Huntress.
For more information, please take a look at our Support Documentation or reach out to your Huntress Account Manager.
In October 2024, we enhanced security by implementing Agent Tamper Protection, which blocks local agent uninstallation to prevent attackers from disabling defenses.
We’ve since updated the Huntress dashboard to remove the ability to indefinitely turn Tamper Protection On/Off, limiting Tamper Protection overrides to 4 hours. This ensures temporary adjustments don’t leave systems vulnerable, addressing risks of misconfiguration.
For more information on Tamper Protection, please see this Support Article.
Janel's groundbreaking invention could change the world, but Quincy's open-source research skills and big ambitions might just change her future.
Learning Objectives:
  • Define and describe what OSINT is
  • Identify how Spear Phishing works
  • Show methods of defending against Spear Phishing
  • Provide steps to reduce OSINT exposure
We've made an update to your Incident Reports! Containment actions will now show within the Remediations tab of an Incident, giving you visibility into their status and the ability to track the progress of any actions taken, such as:
  • Host or Identity Isolation
  • IP Blocking
  • Inbox Rule Disable
This update will streamline adding future remediations for EDR, ITDR and SIEM, increasing the product efficiency and effectiveness against future threats.
Our SOC has observed a rise in PDF-based phishing attacks in the wild. These new phishing simulations mimic that tradecraft by including an attachment with a bait link (normal link or QR code) inside.
Tina is starting a new internship for the mega celebrity, Joshhh, and she's hoping that generative AI will have him singing her praises.
Learning Objectives:
  • Define AI Hallucinations
  • Demonstrate appropriate uses of AI
  • Show the importance of validating factual data
  • Build an understanding of how generative AI works
We're making NEW trial signups easier:
  1. We will now only require a business email address to set up a Huntress Trial
    • The rest of the info we currently ask for will be immediately sourced via 3rd party data enrichment
    • We will only prompt for any pieces of missing data
  2. We now support Magic Link login!
    • Folks will get a one-time use link in their email which can be used to log in
  3. Passwords are now optional (but recommended)
    • Unless trial users become paid customers, or want to view self-serve pricing, we will not enforce the password/MFA flow - use magic link to log in!
These changes are meant to make it drop-dead easy to start a trial, without compromising quality or security.

new

Security Awareness Training

SAT Dashboard page in GA

The dashboard page with the phishing over time graph is now in general availability and available to all customers and partners. This page helps admins observe improvement in avoiding simulated compromise over time based on attempt number.