Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Blog

What is endpoint detection and response? EDR security explained

As recent global health events have changed the world, the cybersecurity landscape has changed along with it. Almost all organizations — large or small — have seen their attack surface grow. For those unfamiliar with the term, an attack surface represents the sum total of all the ways in which a bad actor can exploit an endpoint or network to retrieve data. Every endpoint that connects to or communicates with the network is part of the network attack surface.

LokiBot Malware: What it is and how to respond to it

The Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security recently announced that activity in LokiBot, a form of aggressive malware, has increased dramatically over the last two months. The activity increase was discovered by an automated intrusion detection system referred to as EINSTEIN, which the Department of Homeland Security uses for collecting and analyzing security information across numerous government agencies.

Discover latest security vulnerabilities in minutes with Detectify

25 minutes. That’s how long it took to bring high severity security vulnerabilities to Detectify Asset Monitoring customers from the moment they were discovered. On a more technical side, our Security Researchers, led by Tom Hudson, implemented a high priority vulnerability test to detect an Arbitrary File Read in VMware vCenter, and released it into production in this record time.

SIEM: What Is SIEM, How It Works, and Useful Resources

SIEM stands for Security information and event management. This technology has existed since the late 1990s. Traditional SIEM has been joined by a broad use log management technology that focuses on collecting various types of logs and events for different purposes, such as: SIEM vendors usually provide different combinations of functionalities to offer the benefits listed above.

How to Set Up an SSH Jump Server

In this blog post we’ll cover how to set up an SSH jump server. We’ll cover two open source projects. Both of these servers are easy to install and configure, are free and open-source, and are single-binary Linux daemons. An SSH jump server is a regular Linux server, accessible from the Internet, which is used as a gateway to access other Linux machines on a private network using the SSH protocol.

Lookout and Verizon Committed to Protecting Small Businesses with the Launch of Business Mobile Secure

Our mission has always been to secure the mobile experience and for many in our current climate, that means protecting employees as they work from home. Verizon recently announced the launch of Business Mobile Secure, a full security solution designed specifically for small and medium business customers with Lookout mobile security at the helm of the bundle’s modern endpoint protection offerings.

5 Essential Steps to Improve Cybersecurity Maturity

From small- and medium-sized organizations to large enterprises, every business is under continuous threat of security risk in today’s digital world. With the growing digital footprint and cloud adoption, organizations continue to experience sophisticated cyberthreats that hold the potential to disrupt business continuity. A vast majority of these threats can go undetected, or they can be detected too late for an organization to avoid the exposure and the associated risks.

What Is Password Spraying, and How Can You Spot and Block Attacks?

In 2019, a data heist at Citrix shook the cybersecurity world. The attackers stole business documents from a shared network drive and from a drive associated with a web-based tool used in Citrix’s consulting practice. The hackers gained this access to Citrix’s IT infrastructure through a password spraying attack, a technique that exploits weak passwords, leading to criticism that the software giant needlessly compromised its clients by failing to establish a sound password strategy.

CyRC analysis: Circumventing WPA authentication in wireless routers with Defensics fuzz testing

Three WPA authentication bypass vulnerabilities were found in wireless routers using the Defensics fuzz testing tool. WPA3 will become a mandate for all new wireless devices, which can only be a good thing considering the number of vulnerabilities found in WPA2 implementations. Learn about the basic concepts (and common weaknesses) of WPA authentication, how these vulnerabilities work, and how proactive fuzz testing can identify and address similar issues in WPA implementations.

Phishing Emails - Less Ocean, More Aquarium

Here at Splunk, when we discuss Splunk Phantom with customers we end up talking about phishing pretty frequently because it’s something like Olivia outlined in a recent blog post, "Between Two Alerts: Phishing Emails — Don’t Get Reeled In!", customers both encounter and talk to us about all the time. It makes a lot of sense — phishing is a super common issue that almost everyone deals with ad nauseum and it’s annoying to investigate.