Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Threat Detection

Understanding the Latest Threat Landscape: Insights from Mandiant M-Trends

In the constantly evolving world of cybersecurity, staying ahead of emerging threats requires continuous vigilance and adaptation. Fortunately for those of us in the industry, we’ve been able to count on highly respected digital forensics and incident response specialists like Mandiant to publish annual research on the latest security trends seen first-hand by their global teams.

Introducing ShellSweepPlus: Open-Source Web Shell Detection

Today, the Splunk Threat Research Team is thrilled to introduce ShellSweepPlus, an advancement in our ongoing mission to combat the persistent threat of web shells. Building upon the solid foundation of its predecessor ShellSweep, ShellSweepPlus is an enhanced version that takes web shell detection to new heights, incorporating cutting-edge techniques and a multifaceted approach to safeguard your web environments.

Black Hat NOC: Zero Trust...but Verify | Corelight

The Black Hat network is unlike an enterprise network. The network operations center (NOC), which Corelight helps to operate, sees traffic that would never be permissible on most enterprise networks. Still, in many ways the Black Hat network is a microcosm of many real-world environments, with similar challenges that require similar solutions.

Detecting The Agent Tesla Malware Family

Welcome to the latest from Corelight Labs! This blog continues our tradition of picking a popular malware family from Any.Run and writing a detector for it! Trending consistently at #1 on Any.Run’s malware trends list, Agent Tesla uses multiple protocols to communicate with its C2 infrastructure, making it more difficult to detect robustly than a malware sample utilizing only one network protocol for its C2.

10 Botnet Detection and Removal Best Practices

If your device suddenly behaves like a re-animated zombie, it might be under a botnet attack. Botnet attacks, also known as zombie armies, involve hijacking internet-connected devices infected with malware, controlled remotely by a single hacker. These attacks can reach immense scales, as demonstrated by an incident where 1.5 million connected cameras were exploited to overwhelm and take down a journalist’s website.

Seeing the Unseen: Preventing Breaches by Spotting Malicious Browser Extensions

As workforce productivity increasingly depends on web-based applications, browsers have become essential gateways to the “connectivity economy.” According to recent data, 93% of desktop internet traffic in 2023 traversed through four popular web browsers.

Splunk .conf24 reflections - Federated data, resilience, and a parade of fezzes

Fresh from the recent.conf24 user conference in fabulous Las Vegas, I thought I’d share what I thought were some of the key points throughout the week. Along with admiring the traditional display of fezzes and capes throughout the week, we were excited about the great conversations with our customers, business partners, Splunkers, and, of course, the lovely Buttercup.

3 Crucial Capabilities for Effective Cloud Detection and Response

Adversaries are increasingly attacking cloud environments, as evidenced by a 75% surge in cloud intrusions year-over-year in 2023. They are also getting faster: The fastest breakout time was clocked at just over 2 minutes, according to the CrowdStrike 2024 Global Threat Report. Today’s adversaries are outpacing legacy security approaches. Disjointed point solutions can’t scale or provide visibility into a rapidly growing attack surface.

Destructive Malware: Threat Detection and Incident Response

Imagine that you have a snack you want to eat while watching a movie on a Friday night. You look in your kitchen, only to find the snack missing. Whether a roommate hid the snack or ate it, you no longer have access to it, disrupting your evening plans. This destructive behavior interrupts your weekend objectives, but it’s pretty low stakes overall.