Salesforce houses high volumes of customer information, support tickets, quotes and files, synced emails, tasks & notes, and much more. This data can often be accessed by teams across the company who may leverage Salesforce to provide prospects and customers with a great customer experience. However, allowing sensitive data like PII and credit card numbers to live within Salesforce can pose security & compliance risks.
The Elastic Security team identified a noteworthy cluster of malicious activity after reviewing our threat prevention telemetry. A valid code signing certificate is used to sign malware to help the attackers remain under the radar of the security community. We also discovered a novel malware loader used in the campaign, which we’ve named BLISTER. The majority of the malware samples observed have very low, or no, detections in VirusTotal.
To help contain the damages that arise from the log4j vulnerability, Code Intelligence collaborated with Google’s Open Source Security Team. Together, we implemented effective bug detectors for Remote Code Execution Vulnerabilities (RCEs) to Google’s open source fuzzing framework, OSS-Fuzz.
Security Information and Event Management (SIEM) is the combination of Security Information Management (SIM) and Security Event Management (SEM) systems. SEM systems store and interpret logs for real-time security event analysis which enables quick defensive action. SIM systems collect data for trend analysis and provide automated reporting. By combining these two technologies together, a SIEM provides rapid identification, analysis, and recovery from security events.
Threat hunters and incident responders are under tremendous time pressure to investigate breaches and incidents. While they are collecting and sorting massive quantities of forensic data, fast response is critical to help limit any damage inflected by the adversary. This article and video will provide an overview of Falcon Forensics, and how it streamlines the collection and analysis of point-in-time and historic forensic data.
The world of cybersecurity has been constantly challenged since the pandemic started. With the dust still settling, a new concern has taken the entire cyber landscape by storm. A flaw in Log4j, a widely used Java-based logging library, allows hackers unbridled access to computer systems. The vulnerability (CVE-2021-44228) affects everything from the cloud to security devices. Attackers have come up with worms that can spread independently from one vulnerable system to another.
It was early 2003 in central Iraq, a couple of hours before dawn, 30 degree heat, and everything had a green tint through the night vision goggles. I was on an operation with a team from the US Psychological Operations forces (psyops) and an ODA (Operational Detachment Alpha) from the US Special Forces. We'd spent days gathering HUMINT (Human Intelligence) and undertaking reconnaissance on the target. The ODA team was set up for the assault, the psyops were ready to run diversionary tactics and I was on the team providing comms and perimeter security. Authorisation was given from above, the operation began, and the sky lit up with tracer rounds.
Fairwinds Insights is Kubernetes governance and security software that enables DevOps teams to monitor and prevent configuration problems in their infrastructure and applications. Not only does Fairwinds simplify Kubernetes complexity, but it also reduces risk by surfacing security and reliability issues in your Kubernetes clusters.
The situation involving the log4j ( log4shell ) vulnerability has been rapidly evolving since its release a little over a week ago. A new exploit, CVE-2021-45046, was found which was not covered by the initial 2.15.0 patch. Not long after the 2.16.0 patch was released, another issue was found, CVE-2021-45105, which resulted in the release of 2.17.0. There is clearly a lot going on in the log4j library.
