Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Ransomware Attacks: Held Hostage by Code

Data is among the most valuable assets for companies, making it a prime target for malicious actors. Ransomware attacks that seize data and demand a price for its return have become a significant concern for businesses and individuals. According to the Verizon 2024 Data Breach Investigations Report, about one-third of all breaches involved ransomware or another extortion technique. Here’s everything you need to know about ransomware and how to prevent a successful attack.

Introducing ShellSweepPlus: Open-Source Web Shell Detection

Today, the Splunk Threat Research Team is thrilled to introduce ShellSweepPlus, an advancement in our ongoing mission to combat the persistent threat of web shells. Building upon the solid foundation of its predecessor ShellSweep, ShellSweepPlus is an enhanced version that takes web shell detection to new heights, incorporating cutting-edge techniques and a multifaceted approach to safeguard your web environments.

The Importance of Email Security

Back in the early days of the internet, people looked forward to hearing that deep, robotic voice announcing “you’ve got mail!” Today, whether you like it or not, email is fundamental to personal and business communications. In 2022, people sent and received an estimated 333 billion emails daily, with the number expected to increase to 392.5 billion by 2026. Experiencing a security incident on your email server can interrupt business operations, leading to lost revenue.

regreSSHion: Uncovering CVE-2024-6387 in OpenSSH - A Critical Vulnerability

OpenSSH, an application installed by default on nearly every Unix-like and Linux system, has recently come under scrutiny due to a critical vulnerability discovered by Qualys. Designated as CVE-2024-6387 and aptly named "regreSSHion," this flaw exposes Linux environments to remote unauthenticated code execution. The implications of this vulnerability are far-reaching, potentially affecting countless servers and infrastructure components across the globe.

Improving Patch and Vulnerability Management with Proactive Security Analysis

Vulnerability management is the continuous process of identifying and addressing vulnerabilities in an organization’s IT infrastructure, while patch management is the process of accessing, testing, and installing patches that fix bugs or address known security vulnerabilities in software applications. Vulnerability management and patch management are crucial SecOps processes that protect IT assets against cyber threats and prevent unauthorized access to secure systems.

Splunk Ranked Number 1 in the 2024 Gartner Critical Capabilities for Security Information and Event Management

In addition to Splunk’s recognition as a 10-time Leader in the 2024 Gartner Magic Quadrant for Security Information and Event Management (SIEM), we are extremely proud to announce that Splunk was ranked as the #1 SIEM solution in all three Use Cases in the 2024 Gartner Critical Capabilities for Security Information and Event Management report.

Phishing Attacks: The Deceptive Trap

The threat of phishing attacks looms larger than ever. The LA County Department of Public Health recently announced that 50 employees fell victim to phishing attacks, compromising sensitive patient data. These deceptive schemes have become a staple in the cyberthreat landscape, targeting individuals and businesses of all sizes. For every employee, understanding the signs and consequences of a phishing attack is crucial to safeguarding their organization.

The exploit prediction scoring system: What it is and how to use it

Managing vulnerabilities can feel like the end of the first act of Les Misérables as you sing to yourself, “one day more, another day another vulnerability.” Like Jean Valjean, you attempt to put up barricades to protect your environment from attackers exploiting these security weaknesses. Keeping pace with the number of vulnerabilities and threat actor activities becomes overwhelming, leaving you to feel outnumbered and outmanned.

How can unifying observability and security strengthen your business?

Bolster your organization’s observability and security capabilities on one platform with AI, anomaly detection, and enhanced attack discovery. Organizations in today’s digital landscape are increasingly concerned about service availability and safeguarding their software from malicious tampering and compromise. The traditional security and observability tools often operate in silos, leading to fragmented views and delayed responses to incidents.