Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

ChatGPT is an artificial intelligence chatbot created by OpenAI, reaching 1 million users at the end of 2022. It is able to generate fluent responses given specific inputs. It is a variant of the GPT (Generative Pre-trained Transformer) model and, according to OpenAI, it was trained by mixing Reinforcement Learning from Human Feedback (RLHF) and InstructGPT datasets. Due to its flexibility and ability to mimic human behavior, ChatGPT has raised concerns in several areas, including cybersecurity.

With attackers constantly developing new tactics to compromise credentials and data, it is increasingly important to monitor critical systems such as Active Directory (AD) for signs of malicious activity. Many organizations turn to security information and event management (SIEM) products for help.

Once an attacker establishes a foothold in your Active Directory (AD) domain, they begin looking for ways to achieve their final objective, such as to sensitive data on file servers or in databases, spread ransomware or bring down your IT infrastructure. To do so, they must first gain additional access rights — ideally, membership in highly privileged groups like Domain Admins. BloodHound Active Directory helps them find paths to do just that.

New hires bring fresh ideas and unique skills but can also pose a threat. They can endanger your organization’s sensitive data and IT systems due to carelessness, lack of cybersecurity awareness, or malicious intent. The potential insider threats stemming from new employees are especially concerning for large organizations with a high flow of personnel who may find it challenging to thoroughly monitor and supervise all new hires security-wise.

Logging is an important tool in the cloud developer’s toolbox. It can be the critical component used to discover why your authentication service can’t connect to its database or why your API gateway is not routing upstream traffic correctly. Today, humans are not the only ones reading logs. Machines are also participating in the logging landscape by helping identify patterns (and outliers) in your system logs.

Hybrid working models have increasingly become the normal way of doing business. Employees are working from anywhere, users and their devices are moving on and off the office network, and many applications once hosted in data centers are now moving to public clouds or being replaced with software as a service (SaaS).

In this episode of 2023 Predictions, Sathya Sankaran, General Manager of CloudCasa by Catalogic, speaks with Swapnil Bhartiya on his insights into where he sees the industry heading in 2023. The pandemic resulted in the acceleration of cloud adoption and digital transformation and Sathya expects this momentum to continue in 2023 as well.

I am sure many of you have heard the term “cybersecurity is a team sport.” If you haven’t, I say get on the right team. Security is a complex, ever-changing game of skill and preparedness (never chance). As we like to say here at Splunk, it is all about cyber resilience. To best be prepared to win this game, we need the best team. As with any team sport, there really needs to be other teams - after all what fun is it playing by yourself?

This blog post will provide an analysis of the malicious Redline Infostealer payloads which have been taken from a real life malware incident, responded to and triaged by the ThreatSpike SOC team. This analysis will be broken down to demonstrate, describe and explain the various stages of the attack chain.

The concept of the network perimeter has expanded dramatically in recent years. Many modern organizations operate in a distributed model, with branch locations and endpoints deployed outside of a physical office. But anything connecting to the corporate network is a potential vector for attackers, who can make their way into the network core (and potentially gain access to an organization’s “crown jewels”) by first compromising a branch office or an endpoint.