Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2023

splunk

Command and Control: Understanding & Defending Against C2 Attacks

Mar 31, 2023 By Laiba Siddiqui In Splunk
Attackers go through several stages to make an attack successful. And the last line in the defense system they aim to break is the command and control (C2). C2 attacks are a severe threat to organizations of all sizes and types because, if successful, adversaries can steal all your valuable data. To protect against these attacks, you should implement a security framework and robust policies, including technical and organizational measures.
Read Post
splunk

Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise

Mar 31, 2023 By Splunk Threat Research Team In Splunk
CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers utilizing a legitimate, signed binary, 3CXDesktopApp (CISA link). As the investigations and public information came out publicly from vendors all across the spectrum, C3X customers of all sizes began investigating their fleet for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.
Read Post
splunk

Visible Risks Assessments in the Financial Services Industry

Mar 31, 2023 By Nimish Doshi In Splunk
In a world with increased regulation, uncertainty in the banking business due to the climate or unforced errors, and liquidity concerns, the capability for risk management departments, auditors, and compliance departments to have timely access to reports and data that drive their decisions becomes more important than ever. Saying that you have enough data points is like saying you have enough security.
Read Post
splunk

Spear Phishing: The Ultimate Guide To Seeing & Stopping Spear Phishing

Mar 31, 2023 By Joseph Nduhiu In Splunk
When it comes to cyberattacks, the human dimension of the cybersecurity environment is a complex vulnerability. Without awareness, any employee, contractor or user is the most unprotected asset. A person who can be easily exploited with a social engineering attack. Because of inherent human characteristics — ignorance, fear, misplaced trust — people are by nature very susceptible to being manipulated to let down their guard.
Read Post
splunk

What Generative AI Means For Cybersecurity: Risk & Reward

Mar 30, 2023 By Shannon Davis In Splunk
In recent years, generative artificial intelligence (AI), especially Large Language Models (LLMs) like ChatGPT, has revolutionized the fields of AI and natural language processing. From automating customer support to creating realistic chatbots, we rely on AI much more than many of us probably realize. The AI hype train definitely reached full steam in the last several months, especially for cybersecurity use cases, with the release of tools such as.
Read Post

Coffee Talk with SURGe: The Interview Series featuring Allan Liska

Mar 29, 2023 By Splunk In Splunk
Join Coffee Talk with SURGe for our bi-weekly interview series. This week, SURGe member Shannon Davis interviews Allan Liska, threat intelligence analyst at Recorded Future and author of Ransomware: Understand. Prevent. Recover. They'll talk about the threat of ransomware, including recent trends, the impact of hack-back operations, and how organizations can become more resilient against attacks.
View Video
splunk

AI TRiSM Explained: AI Trust, Risk & Security Management

Mar 28, 2023 By Laiba Siddiqui In Splunk
AI Trust, Risk and Security Management (AI TRiSM) is an emerging technology trend that will revolutionize businesses in coming years. The AI TRiSM framework helps identify, monitor and reduce potential risks associated with using AI technology in organizations. By using this framework, organizations can ensure compliance with all relevant regulations and data privacy laws. In this article, you'll learn what AI TRiSM is, how it works, and how organizations can use it for their benefit.
Read Post
splunk

How Data Resilience Drives Customer, Cyber & Business Resilience

Mar 28, 2023 By Shanika Wickramasinghe In Splunk
With evolving cyber threats and sudden disasters, data resilience is among the critical components of any business. Data resilience helps businesses provide continuous, uninterrupted services to their customers. This article explains data resilience, its importance for current businesses, and the most common strategies to achieve data resilience. It also describes the advantages and challenges of achieving business data resilience.
Read Post
splunk

AsyncRAT Crusade: Detections and Defense

Mar 27, 2023 By Splunk Threat Research Team In Splunk
In January 2019 AsyncRAT was released as an open source remote administration tool project on GitHub. AsyncRAT is a popular malware commodity and tools used by attackers and APT groups. Threat actors and adversaries used several interesting script loaders and spear phishing attachments to deliver AsyncRAT to targeted hosts or networks in different campaigns.
Read Post
splunk

Common Cybersecurity Jobs: Skills, Responsibilities & Salaries

Mar 27, 2023 By Muhammad Raza In Splunk
Looking for a stable job in tech? Cybersecurity is one of the fastest growing employment segments — with a zero percent unemployment rate! This is a promising field for new graduates in the technology sector with strong backgrounds in systems design, data and mathematics. What roles and responsibilities can you expect in the cybersecurity domain? Here is a list of cybersecurity roles, their responsibilities, skills required and average annual salary.
Read Post
splunk

Governance, Risk, and Compliance (GRC) Explained: Meaning, Benefits, Challenges & Implementation

Mar 27, 2023 By Blessing Onyegbula In Splunk
Enterprises these days are facing a triple threat: stiffer government policies, volatile cyberspace and an extra-competitive economy. And without a well-planned strategy, it will be hard to survive all these and hit high-performance goals. Hence the need for an effective GRC strategy. Since its invention in 2003, GRC as a strategy for achieving organizational goals amidst uncertainty and with integrity, has stayed true to its primary purpose. Despite the increasing turbulence in the economy.
Read Post
splunk

My Username Fields Have Passwords in Them! What Do I Do?

Mar 24, 2023 By Drew Church In Splunk
As security practitioners, we like to read blogs, whitepapers, and even Mastodon “toots” that talk about new or novel threats and vulnerabilities. Recently, our fearless and never sleeping Security Strategist Leader James Brodsky called attention to a blog post from a researcher that highlighted the risks of password disclosure in authentication logs.
Read Post
splunk

Zero Day Defined: Zero-Day Vulnerabilities, Exploits & Attacks

Mar 23, 2023 By Muhammad Raza In Splunk
Zero-Day” is an intriguing concept in the domain of cybersecurity. Imagine diligently following security best practices such as patching exploits and updating the systems regularly. Plus, you’re following strict risk management and governance frameworks within the organization to vet new software applications for security risk before adding them to your library. But what happens when the security flaws are novel — and a patch does not exist?
Read Post
splunk

Machine Learning in Security: Detecting Suspicious Processes Using Recurrent Neural Networks

Mar 23, 2023 By Kumar Sharad In Splunk
Malicious software like ransomware often use tactics, techniques, and procedures such as copying malicious files to the local machine to propagate themselves across the network. A few years ago, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Health and Human Services issued a joint cybersecurity advisory to ward off potential harm from threat actors for at-risk entities.
Read Post
splunk

Breaking the Chain: Defending Against Certificate Services Abuse

Mar 23, 2023 By Splunk Threat Research Team In Splunk
In recent years, there have been several high-profile cyber attacks that have involved the abuse of digital certificates. Digital certificates are electronic credentials that verify the identity of an entity, such as a person, organization, or device, and establish trust between parties in online transactions. They are commonly used to encrypt and sign data, authenticate users and devices, and secure network communications.
Read Post
splunk

The SQL Injection Guide: Attacks, Types, Signs & Defense Against SQLi

Mar 23, 2023 By Muhammad Raza In Splunk
Most dynamic web applications and sites — ones that store and process user information — use some sort of database implementation. One of the most common implementations involves SQL. Structured Query Language is a standard language for relational database management systems (RDBMS). It lets you query database records, change and modify them, set permissions, create custom views and storage procedures.
Read Post

Coffee Talk with SURGe: Oakland Ransomware Attack, BreachForums, Acropalypse Vulnerability, GPT-4

Mar 22, 2023 By Splunk In Splunk
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan shared their takes on responding to 0day vulnerabilities and the trio also discussed GPT-4 and the future of generative AI.
View Video
splunk

What's Digital Rights Management (DRM)? Protecting Intellectual Property Today

Mar 22, 2023 By Kayly Lange In Splunk
Digital rights management (DRM) is a set of technologies, tools and techniques to protect your copyrighted digital content from unauthorized copying, sharing or usage. Content creators, organizations and distributors typically implement DRM to control access to their intellectual or sensitive property and ensure that it is only used by the terms and conditions they have established. It also helps companies secure their files and enables safe sharing, so they don’t land in the wrong hands.
Read Post

SOCtails - Unify Security Operations with Splunk Mission Control

Mar 21, 2023 By Splunk In Splunk
Security teams constantly pivot between multiple tools and management consoles in order to detect, investigate, and respond to security incidents. It's time-consuming and complex. And it's Kevin's personal nightmare. Jeff shows Kevin how to unify his security operations across detection, investigation and response using Splunk Mission Control.
View Video

Unify Your Security Operations with Splunk Mission Control

Mar 21, 2023 By Splunk In Splunk
Splunk Mission Control brings order to the chaos of your security operations by enabling your SOC to detect, investigate and respond to threats from one modern and unified work surface. Watch this 5 minute demo video to learn how Mission Control unifies your security operations experience across Splunk’s industry-leading security technologies and partner ecosystem in one work surface. The demo use case focuses on how an analyst detects, investigates and responds to an encoded PowerShell attack.
View Video
splunk

The SOC Manager/Director Role: Skills, Duties, Salary & More

Mar 17, 2023 By Laiba Siddiqui In Splunk
Cybercriminals target organizations to steal sensitive data, disrupt operations, or cause damage to organizations. But a well-designed security operations center (SOC) helps prevent these attacks from ever occurring. SOC managers detect and respond to cyber security threats to ensure your organization operates securely. They manage the team, develop policies and procedures, and keep the CISO informed about security operations. Let’s take a look at the SOC manager role.
Read Post
splunk

Fraud is in Your Backyard

Mar 16, 2023 By Tina Carkhuff In Splunk
Each day, there are multiple news stories about fraud. Some share details about fraud committed against government entities or agencies, some tell us about instances in our educational institutions, and still, others describe the types of fraud against individuals in the form of identity theft. In the post-pandemic United States, fraud has increased in the public sector because our government has made benefits more accessible to those in need.
Read Post
splunk

Overcome Cybersecurity Challenges to Improve Digital Resilience

Mar 14, 2023 By Michael Weinstein In Splunk
The idea that digital resilience — the ability to prevent, detect, respond to and recover from disruptive events — is critical to digital business would surprise no one. As the Splunk report Digital Resilience Pays Off illustrates, organizations that are farther along on their digital resilience journey enjoy $48 million lower annual downtime costs and 2 times higher digital-transformation project success rate than their less digitally resilient peers.
Read Post
splunk

The Compliance-as-a-Service (CaaS) Ultimate Guide

Mar 13, 2023 By Guest In Splunk
Today, many organizations are governed by various types of industry regulations. To name a few: General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and California Consumer Privacy Act (CCPA). These regulations are subject to regular and complex amendments, and many compliance officers expect proactive compliance from every regulated company.
Read Post

Coffee Talk with SURGe: The Interview Series with Sergio Caltagirone

Mar 13, 2023 By Splunk In Splunk
Join us as we kick off our new bi-weekly 1-1 interview series, starting with Sergio Caltagirone. Sergio was formerly at NSA, Director of Threat Intelligence at Microsoft, VP of Threat Intelligence at Dragos, Technical Director of the Global Emancipation Network, now the founder and president of the Threat Intelligence Academy, and of course, co-author of The Diamond Model. We will talk about all the things threat intelligence, thought models, and probably a solid side of snark.
View Video
splunk

What Is Cyber Forensics?

Mar 10, 2023 By Muhammad Raza In Splunk
Cyber forensics refers to the practice of extracting information, analyzing the data and gaining intelligence into activities that involve the use of technology as a structured chain of evidence that can be presented in the court of law. In this article, I’ll look at the basics of cyber forensics: what it’s for, phases in a forensic procedure, challenges and how it goes far beyond auditing.
Read Post
splunk

Supply Chain Attacks: What You Need to Know

Mar 10, 2023 By Guest In Splunk
Every day, thousands of companies download updates to their software. With a click of a button, they can walk away and return the next morning with everything reorganized and in order. While a staple of modern life, this action is no longer completely harmless. It is now one of many attacks that bad actors use to access systems and execute supply chain attacks.
Read Post
splunk

Behavioral Analytics Explained: How Analyzing (Odd) Behavior Supports Cybersecurity

Mar 9, 2023 By Shanika Wickramasinghe In Splunk
Behavior Analytics (BA) is a widely used technique that helps you gain insights into various behavioral patterns to make data-driven decisions. This article describes behavior analytics, particularly how it is used in cybersecurity, and the actions it involves. We’ll also provide describe popular BA tools and discuss their key benefits.
Read Post
splunk

Threat Advisory: SwiftSlicer Wiper STRT-TA03

Mar 9, 2023 By Splunk Threat Research Team In Splunk
The ongoing geo-political crisis in Eastern Europe continues to be the scenario of deployment of a variety of payloads linked to information stealing and data/network destruction. The deployment of these payloads has been associated or contingent with Military actions as Microsoft and ESET have observed in some of their publications. These campaigns have targeted critical infrastructure affecting civilian populations in addition to military targets.
Read Post
splunk

Manufacturing Predictions - the highlights for 2023

Mar 7, 2023 By Ewald Munz In Splunk
After having accelerated cloud and digital transformations during the pandemic, manufacturers might be forgiven for wanting to take a pit stop. But there is no time to slow down and rest on their laurels. On top of inflation, energy price shocks and economic uncertainty the technology landscape is shifting, faster than ever before — and so are the new kids on the block such as massive cyberattacks and sustainability imperatives.
Read Post
splunk

Cyber Counterintelligence (CCI): Offensive & Defensive Strategies for Cybersecurity

Mar 7, 2023 By Shanika Wickramasinghe In Splunk
Armed with innovative techniques, cyber attackers today come from various organized cybercrime groups, foreign intelligence services and other competitor organizations. With more sophisticated attacking techniques developed daily by such attackers, organizations must know their purpose and behaviors in advance — and devise strategies to avoid them. Cyber counterintelligence is an effective way to improve your cybersecurity posture.
Read Post
splunk

CIO vs. CISO vs. CPO: What's The Difference?

Mar 7, 2023 By Kayly Lange In Splunk
Businesses been forced to step up their approach to security and privacy in the past few years due to: This growing digital complexity has led to the evolution of three vital executive-level positions: CIO, CISO and CPO — the Chief Information Officer, the Chief Information Security Officer and the Chief Privacy Officer. As three separate executive-level positions within companies centered around technology and cybersecurity, the lines between CIO, CISO and CPO can get blurry.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.