The cybersecurity industry has spent a lot of time talking about improving the analyst experience without making significant improvements. Much of the effort has been too focused on trying to find a silver bullet solution. Combine that with a global pandemic and things are just getting worse.

In this post we discuss how an account with two-factor authentication could be bypassed if the password were breached.

The global pandemic has tilted the scales in favor of cybercriminals, who adapted their attack strategy to exploit the vulnerabilities in the existing security systems in the organizations. Added to this, the global mindset of businesses to shift to a remote and hybrid work environment has exacerbated the threat landscape resulting in high ransomware attacks and data breaches across the industries and geographies.

The Splunk Threat Research Team (STRT) has been heads-down attempting to understand, simulate, and detect the Spring4Shell attack vector. This post shares detection opportunities STRT found in different stages of successful Spring4Shell exploitation. At the time of writing, there are two publicly known CVEs: CVE-2022-22963, and CVE-2022-22965. The Splunk Security Content below is designed to cover exploitation attempts across both CVEs.

Corelight is pleased to announce our integration with AWS’s Traffic Mirroring to Gateway Load Balancer (GWLB) Endpoint as a Target. This integration simplifies the monitoring of network traffic and generating Corelight data in massively scaled-out public cloud environments. When it comes to monitoring network traffic today, we see two primary deployment patterns, each with their own pain points.

Instantly view your organization’s cybersecurity posture + continuously monitor and verify identity.

It has officially been one year since the release of the Biden administration’s Executive Order on Cybersecurity, which outlines security requirements for software vendors selling software to the U.S. government. These requirements include security testing in the development process and a software bill of materials for the open-source libraries in use so that known vulnerabilities are disclosed and able to be tracked in the future, among other things.

“This password has appeared in a data leak, putting this account at high risk of compromise. You should change your password immediately” – if you own an iPhone or iPad running on iOS 14 or above, you may have received this worrying message lately. Apple rolled out this feature across both devices and Macs as a cybersecurity feature. If you have received this notification, you might be wondering what it means and what to do next. Read on to learn more.

It’s been a bad month for RubyGems vulnerabilities. Critical CVE-2022-29176 was issued May 8, 2022, and another critical CVE-2022-29218 was discovered less than a week later, on May 11. This new vulnerability would allow for a takeover of new versions of some platform-specific gems under certain circumstances.

In today’s world where information security is fundamental to businesses to protect their systems, network and data, compliance to ISO 27001 is crucial. ISO 27001 is an internationally recognised set of standards that helps organisations manage their information security by establishing, implementing, and maintaining an information security management system (ISMS).