Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

2024 was a year of incredible progression for Artificial Intelligence. As large language models (LLMs) have evolved, they have become invaluable tools for enriching the capabilities of defenders – instantly providing the knowledge, procedures, opinions, visualizations, or code any given situation demands. However, these same models provide outputs that enable even low-sophistication attackers to uplift their own skill-levels.

Much has been written about how AI, particularly Large Language Models (LLMs), will transform cybersecurity. Some say it'll be for the worse, and some say it'll be for the better. Although SURGe firmly believes that AI will end up helping defenders much more than it helps threat actors, it's sometimes hard to envision the exact form in which this help will, or should, come.

Splunk Asset and Risk Intelligence empowers organizations to identify and address vulnerabilities in their security posture proactively. By leveraging key compliance framework controls and providing customizable dashboards and metrics, ARI offers clear visibility into assets missing critical security controls. This allows organizations to proactively close gaps in security controls, regardless of the regulatory frameworks they must comply with.

The threat landscape is constantly evolving and expanding, making it more difficult than ever for organizations to keep up and defend against the latest threats. Today’s SecOps teams need cutting-edge security tools and threat intelligence-driven detection content to proactively defend against the latest tactics, techniques and procedures (TTPs) that organizations face today.

In today’s digital age, achieving cyber resilience is no longer an option—it has become a necessity. Yet, according to the latest report by Splunk, conducted in collaboration with Foundry, a significant cyber confidence gap exists among public sector organizations in this critical area.

As organizations face the imminent threat of an IT service outage or cyberattack, they often fail to step back and understand how well they've planned to deal with the crisis. According to recent research, we know that: Perhaps the most regrettable part of it all? Almost half (45%) of these organizations already acknowledge the inadequacy of their disaster recovery capabilities.

In the realm of cybersecurity, understanding how unauthorized access can compromise sensitive systems is critical—this is where the concept of privilege escalation comes into play. In this article, we will look at what privilege escalation is, how it exploits vulnerabilities and best practices for protecting your organization against privilege escalation.

The e-commerce world was recently shaken by the discovery of a vulnerability in Adobe Commerce and Magento, two of the most widely used e-commerce platforms. Dubbed "CosmicSting" and designated as CVE-2024-34102, this vulnerability exposes millions of online stores to potential remote code execution and data exfiltration risks.

In September 27, 2024, Okta disclosed a critical vulnerability affecting their Classic environment that created a concerning security gap in identity protection. The vulnerability, active since July 17, 2024, allowed attackers with valid credentials to bypass application-specific sign-on policies by simply modifying their user-agent string.

Braodo Stealer is one of the many active and evolving malware families designed to steal sensitive information, such as credentials, cookies, and system data, from compromised machines. Typically written in Python, this malware employs a variety of obfuscation techniques to conceal its true intentions, making it challenging for security solutions to identify.