As I celebrate my first year as head of product management at Graylog, I’ve had the unique privilege of re-immersing myself in the world of Security Information and Event Management (SIEM) from a new perspective. The past year has underscored one critical lesson: staying competitive in SIEM isn’t about adding features; it’s about finding fresh approaches to meet the real needs of security teams.

Security Operations Centers (SOCs) are under immense pressure to ensure no attack goes unnoticed. At Corelight, we’re being approached daily to help bring in network visibility. For many though, visibility isn’t enough. SOCs are already overloaded and Tier 1 Analysts often lack network expertise. Modern network visibility has to be easy to use and designed for maximizing SOC efficiency. For that, we built Guided Triage.

In 2023, a critical vulnerability in MOVEit Transfer software (CVE-2023-34362) was weaponized by the Cl0p ransomware group, leading to a substantial leak of sensitive employee data from major global corporations. The flaw in MOVEit allowed attackers to bypass authentication and access secure files, resulting in a far-reaching data breach that impacted various sectors including finance, healthcare, government, and retail. Vulnerability Details and Affected Software Nam3L3ss: Profiling Cl0p Ransomware Data.

When tasked with the IT security of an organization, it can be easy to get bogged down in particulars and definitions and lose heart before you’ve even begun. With a plethora of terms to learn, details to secure, and moving parts to keep track of, building an effective cybersecurity strategy is no simple task. It requires a great deal of effort, planning, and coordination.

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. In July, the UK's new Labour Government announced that it was limiting who was eligible for assistance with their winter fuel bills by making eligibility means-tested.

Few industries evolve as rapidly as technology—and the world of cybercrime is no exception. While businesses may hesitate to adopt new technologies due to regulatory pressures or security concerns, threat actors in the cybercrime space – who are free from ethical scruples or legal worries – are constantly innovating. This trend has only accelerated with the rise of Generative AI, which has democratized cybercrime by enabling attackers of all skill levels to launch sophisticated attacks.

A new report from ESET has found that most nation-state threat actors rely on spear phishing as a primary initial access technique. In the second and third quarters of 2024, state-sponsored APTs from China, Russia, Iran, and North Korea used social engineering attacks to compromise their targets. Iranian threat actors continued conducting cyber espionage against countries across the Middle East, Europe, and the US. They also expanded their targeting to hit financial companies in Africa.

We’re honored to share a new partnership with Orange Business (Norway), a global leader in digital services. ARMO was selected to secure Orange Business’ new Managed Kubernetes Service (MKS) with ARMO’s advanced runtime-driven cloud security platform. This collaboration marks a significant milestone in delivering robust security solutions for on-premises Kubernetes environments for Orange Business.

Product Name: bodi0’s Easy Cache Vulnerability: Stored XSS Vulnerable Version: Will be disclosed soon CVE: Will be disclosed soon On September 16, 2024, the team of pentesters at Astra Security found a stored Cross-Site Scripting or XSS in bodi0’s Easy Cache plugin. It is a plugin designed for WordPress that helps optimize the caching functionality, thus allowing enhanced page loading and reducing the server load.