Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2024

Security Insights: Jenkins CVE-2024-23897 RCE

The recent identification of CVE-2024-23897 in Jenkins versions up to 2.441 has significantly heightened concerns within the cybersecurity community, particularly focusing on the implications for public-facing Jenkins servers. Jenkins servers are important for many organizations as they are used in continuous integration/continuous deployment (CI/CD) pipelines, automating stages of software development and deployment.

Security Insights: Tracking Confluence CVE-2023-22527

On January 16th, 2024, Atlassian released an advisory highlighting a critical vulnerability within certain versions of Confluence Data Center and Confluence Server. This issue, tracked under the identifier CVE-2023-22527, involves a severe Remote Code Execution (RCE) vulnerability stemming from a template injection flaw in out-of-date software versions. The risk is significant, with unauthenticated attackers potentially gaining the ability to execute arbitrary code on affected installations.

Retail in the Era of AI: An Industry Take on Splunk's 2024 Predictions

Macro technology trends have always impacted and influenced every aspect of the retail industry. From the days of catalog ordering and cash only transactions to today’s personalized, always-on omnichannel experiences where contactless payment has become the norm - the world of retail is almost unrecognizable.

Security Insights: Investigating Ivanti Connect Secure Auth Bypass and RCE

On January 10th, 2024, Volexity reported that there is active exploitation in the wild against Ivanti Connect Secure (ICS) VPN devices. Ivanti and Volexity worked together to review impacted devices, and Volexity identified two different zero days, which have been assigned the following CVEs IDs.

Cybersecurity Trends for 2024: What's In & What's Out

Dissecting the cybersecurity landscape isn’t easy. Organizations are perennially under-prepared. Seemingly every person in the world has been affected by some company’s data breach. Then, we layer in the biggest tech news of 2023: the widespread experimentation and use of generative AI. Today, no one is immune from the threat of an attacker. Each organization must be ready. Organizations of all sizes must understand the evolving cybersecurity landscape in order to defend themselves.

Hypothesis-Driven Cryptominer Hunting with PEAK

Hypothesis-driven hunting is probably the most well-known type of threat hunting, and it’s one of the three types defined in the PEAK threat hunting framework. In this article, we’ll walk through a sample hypothesis-driven hunt, step-by-step. For our data, we’ll be using the Boss of the SOC Version 3 (BOTSv3) dataset, which you can use to recreate the hunt and work through it on your own. Below is a diagram of the Hypothesis-Driven hunting process.

Enter The Gates: An Analysis of the DarkGate AutoIt Loader

AutoIt is a scripting language designed for automating the Windows GUI and general scripting. Over the years, it has been utilized for malicious purposes, including AutoIt-compiled malware, which dates back to as early as 2008. Malware creators have exploited the versatility of AutoIT in a variety of ways, such as using obfuscated scripts for payload decryption, utilizing legitimate tools like BaSupportVNC, and even creating worms capable of spreading through removable media and Windows shares.

Defining & Improving Your Security Posture

The security posture of any organization is the result of comprehensive security strategies, processes and practices, which enable organizations to be resilient against evolving security threats. This article describes what we mean by “security posture”, including why it matters, and what comprises it. Importantly, we’ll also understand how to assess and improve the security posture.

What Is Hacktivism?

Not every cybercrime is about, well, the crime. In fact, some attacks are designed to draw attention to a cause, not stolen data or paydays. Social activism has been around forever. Today, it can manifest in the physical world, of course, and increasingly we see social activism in the digital world, too, ranging from minor activist activities all the way to high-profile cybercrime incidents.

Ransomware & Extortionware in 2024: Stats & Trends

In the underground cybercrime circles of the Dark Web, ransomware attacks are a particularly lucrative enterprise. These attacks are on the rise. And they’re disrupting the stalwart IT industry. The average cost of a ransom attack in 2023 was $1.54 million, almost double the previous year’s average. And research we gathered for The CISO Report show that 83% of organizations hit by a ransomware attack paid their attackers. Curious which industry is most likely to pay the ransom? Retail.

The National Cyber Workforce & Education Strategy (NCWES) Explained

Imagine a world where every cyber threat gets a swift and skilled response. This is the vision of the National Cyber Workforce and Education Strategy (NCWES), a program aimed at creating a future-proof cybersecurity workforce. Why is future-proofing our cybersecurity workforce so important? Because the cyber challenges of today and tomorrow require a diverse, well-educated, and agile workforce.

Security Testing for Mobile Applications in 2024

Mobile devices at the workplace: this so-called trend is here to stay. In response, IT teams are recognizing their responsibility to develop a secure and high-performance operating environment for their mobile and remote workforce. Mobile-related security risks have increased to astronomical levels in the last year: All that to say: a true organizational security posture cannot ignore the mobile apps and devices that its employees and customers use.

Secure AI System Development

Scientific progress in AI and downstream innovation to solve concrete real-world problems is part of a greater movement toward inventing Artificial General Intelligence (AGI). Broadly speaking, AGI is defined as an intelligent agent that can emulate and surpass human intelligence. Today, we are already familiar with incomplete forms of AGI: Despite these promising innovations moving from the scientific domain to consumer marketplaces, we are still far from achieving AGI.

Using Amazon SageMaker to Predict Risk Scores from Splunk

Splunk Enterprise and Splunk Cloud Platform, along with the premium products that are built upon them, are open platforms, which allow third party products to query data within Splunk for further use case development. In this blog, we will cover using Amazon SageMaker as the ISV product using the data within Splunk to further develop a fraud detection use case to predict future risk scores.

Data Breach Defined & Ways To Prevent One in 2024

Data breaches are on the rise. Every day, we see news articles like these: "Major Data Breach Hits ABC Corporation: Millions of User Records Compromised"."GHI Retail's Customer Data Exposed: A Wake-Up Call for E-commerce Security"."LMN Health's Patient Information Compromised: Largest Data Breach in Healthcare History".

Ghost in the Web Shell: Introducing ShellSweep

In the cyber realm, where digital defense and offense is an ongoing game of cat and mouse, one of the most potent weapons in an attacker's arsenal is the web shell. A seemingly innocuous piece of code that, once embedded in a server, allows an attacker to maintain their access and control. The hidden danger of web shells is their stealthiness and versatility, making them a challenging threat to uncover and neutralize.

Endpoints and Endpoint Detection: Importance & Risk Mapping

“Secure the endpoints!” This battle cry can sound like a meme, sure, but it also highlights arguably the most important part of modern cybersecurity today: are we securing the endpoints? A compromised network is likely to leave traces of anomalous and unauthorized activities that originate from network endpoints.

Continuous Threat Exposure Management (CTEM)

As businesses transform digitally, cyber threats are evolving faster. The takeaway isn’t that threats are more sophisticated: it’s that traditional, reactive vulnerability management solutions are rarely effective. Continuous threat exposure management is a process that can effectively address this problem.

Hunting M365 Invaders: Blue Team's Guide to Initial Access Vectors

Microsoft 365 (formerly Office 365) is Microsoft's cloud-based suite of productivity tools, which includes email, collaboration platforms, and office applications. All are integrated with Entra ID (referred to as Azure AD in this post) for identity and access management. M365’s centralized storage of organizational data, combined with its ubiquity and widespread adoption, make it a common target of threat actors.

Google Dorking: An Introduction for Cybersecurity Professionals

Google Dorking, also known as Google Hacking, is a technique using sophisticated search queries to uncover information on the internet not easily accessible through typical search queries. It leverages the capabilities of Google’s search algorithms to locate specific text strings within search results.

Find the Unusual with the Splunk App for Behavioral Profiling 2.0

There are times where being unusual is a good thing - unconventional thinking can lead to innovation in industry, science and culture, enabling everyone from businesses to artists to stand out from the pack. The Splunk App for Behavioral Profiling (SABP) helps users tackle the other kind of unusual - the bad kind.