Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Splunk

Truth in Malvertising?

Splunk SURGe recently released a whitepaper, blog, and video that outline the encryption speeds of 10 different ransomware families. Early in our research, during the literature review phase, we came across another group that conducted a similar study on ransomware encryption speeds. Who was this group you ask? Well, it was actually one of the ransomware crews themselves.

Coffee Talk with SURGe: 2022-MAY-31 Follina MSDT zero day, ransomware roundup, supply chain risk

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk broke down the Follina/MSDT zero day vulnerability (CVE-2022-30190), rounded up the latest ransomware activity, and discussed supply chain risk related to Python and PHP libraries. Mick and Ryan competed in a 60 second charity challenge to explain LOLBins before taking a deep dive into the 2022 Verizon Data Breach Investigations Report.

Publish Your Splunk SOAR Apps Faster

The process for our technology partners to publish their SOAR Apps to Splunkbase just got faster and simpler. App updates are now automatically pulled from our partners’ GitHub repositories into the Splunkbase library in a matter of minutes. With 350+ SOAR Apps on Splunkbase across 200+ partners, this process improvement makes Splunk easier to integrate with and more importantly, provides our customers with even faster access to up-to-date Apps.

Get Extended Security Insights from Chrome Browser with Splunk

The way we work has drastically changed since the start of the pandemic. With more companies adopting remote and hybrid work models, there has been a 600% increase in cybercrime and 65% of organizations have seen a measurable increase in attempted cyberattacks, which is particularly problematic since 78% say remote workers are harder to secure.

Coffee Talk with SURGe: 2022-MAY-17 Conti Hits Costa Rica, Cardiologist Ransomware, CISA MSP Alert

Coffee Talk with SURGe! Grab a cup of coffee and join Audra Streetman, Mick Baccio, and special guest Haylee Mills for another episode of Coffee Talk with SURGe. The team from Splunk discussed a ransomware attack that prompted Costa Rica to issue a state of emergency, a cardiologist in Venezuela accused of building ransomware tools, and an alert from CISA warning about cyber threats to MSPs. This week Audra and Haylee competed in a 60 second charity challenge on "certs vs. degrees" in cybersecurity before taking a deep dive into Splunk Risk-Based Alerting.

How Playbook Packs Drive Scalable Automation

No matter how advanced your Security Operations Center (SOC) is, pre-built Playbook Packs from Splunk can augment your analysts with automation that scales with your organization’s maturity. SplunkⓇ Enterprise Security (ES) users can achieve this scalable automation by using a pre-built Risk Notable Playbook Pack in Splunk SOAR.

Springing 4 Shells: The Tale of Two Spring CVEs

The Splunk Threat Research Team (STRT) has been heads-down attempting to understand, simulate, and detect the Spring4Shell attack vector. This post shares detection opportunities STRT found in different stages of successful Spring4Shell exploitation. At the time of writing, there are two publicly known CVEs: CVE-2022-22963, and CVE-2022-22965. The Splunk Security Content below is designed to cover exploitation attempts across both CVEs.