
Logging

Why Log Analytics is Key to Unlocking the Value of XDR for Enterprises

Cyber threats are becoming more sophisticated, and enterprise security teams are under constant pressure to improve and enhance their threat detection and response capabilities. But as security teams expand their security logging tools and capabilities, the burden of monitoring those tools and investigating alerts grows exponentially.

Coffee Talk with SURGe: 2023-APR-04 3CX Supply Chain Compromise, Medical Device SBOMs, ChatGPT

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk discusses the latest security news. Audra and Mick also competed in a 60-second charity challenge on whether or not they see artificial intelligence reaching singularity, with proceeds benefiting DataEthics4All. The trio wrapped up with a deep dive into the RESTRICT Act and the proposed TikTok ban in the United States.

Rogue AI is Your New Insider Threat

When ChatGPT debuted in November 2022, it ushered in new points of view and sentiments around AI adoption. Workers from nearly every industry started to reimagine how they could accomplish daily tasks and execute their work — and the cybersecurity industry was no exception. Like shadow IT, new rogue AI tools — meaning AI tools that employees are adopting unbeknownst to the organization they work for — can pose security risks to your organization.

The State of Security 2023: Collaboration Is Essential For Building Resilience

Security is, and always has been, a tough job. Security teams continue to face escalating cyberattacks while being bombarded by false positives and clocking more hours due to staffing shortages. However, security leaders and practitioners alike also understand that these crises are inevitable — and are increasingly focusing their efforts on recovering as quickly and efficiently as possible when disaster strikes.

Using Workflow Actions & OSINT for Threat Hunting in Splunk

Picture yourself, a threat hunter using Splunk, and the words "workflow action" are uttered by your helpful security Splunker... Workflow actions make you a faster and more effective security analyst. They allow you to skip the laborious steps of logging into various websites to do your job and just get straight to business.

Detecting the 3CX Supply Chain Attack with Graylog and Sigma Rules

According to reporting by several cybersecurity publications, the 3CX Desktop Application has been exploited in a supply chain attack. The 3CX client is a popular VoIP and messaging application used by over 600,000 companies. From the article on BleepingComputer: "This supply chain attack, dubbed 'SmoothOperator' by SentinelOne, starts when the MSI installer is downloaded from 3CX's website or an update is pushed to an already installed desktop application."

Command and Control: Understanding & Defending Against C2 Attacks

Attackers go through several stages to make an attack successful, and the command and control (C2) stage is where they establish the channel that lets them direct a compromised system. C2 attacks are a severe threat to organizations of all sizes and types because, if successful, adversaries can steal all your valuable data. To protect against these attacks, you should implement a security framework and robust policies, including technical and organizational measures.

Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise

CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers utilizing a legitimate, signed binary, 3CXDesktopApp (CISA link). As investigations progressed and public information came out from vendors all across the spectrum, 3CX customers of all sizes began investigating their fleet for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.

Visible Risks Assessments in the Financial Services Industry

In a world with increased regulation, uncertainty in the banking business due to the climate or unforced errors, and liquidity concerns, the capability for risk management departments, auditors, and compliance departments to have timely access to reports and data that drive their decisions becomes more important than ever. Saying that you have enough data points is like saying you have enough security.

Spear Phishing: The Ultimate Guide To Seeing & Stopping Spear Phishing

When it comes to cyberattacks, the human dimension of the cybersecurity environment is a complex vulnerability. Without awareness, any employee, contractor or user is the most unprotected asset: a person who can be easily exploited with a social engineering attack. Because of inherent human characteristics — ignorance, fear, misplaced trust — people are by nature very susceptible to being manipulated into letting down their guard.