The Splunk Threat Research Team recently developed a new analytic story, Active Directory Kerberos Attacks, to help security operations center (SOC) analysts detect adversaries abusing the Kerberos protocol to attack Windows Active Directory (AD) environments. In this blog post, we’ll describe some of the detection opportunities available to cyber defenders and highlight analytics from the analytic story.
The Splunk SOAR team is excited to be recognized within Forrester’s report Now Tech: Security Orchestration, Automation, And Response (SOAR), Q2 2022. Splunk SOAR is categorized within the Security Analytics Portfolio functionality segment and in the “Large” vendor market presence segment. The following post will share more on our views of the report, our position in this dynamic market landscape, and a look at what’s ahead.
The Splunk Threat Research Team continues to address ongoing threats in relation to geopolitical events in eastern Europe. The following payload named Cyclops Blink seems to target Customer Premise Equipment devices (CPE). These devices are generally prevalent in commercial and residential locations enabling internet connectivity (Cable, DSL Modems, Satellite Modems, Firewalls, etc).
Call me David. As you might have heard, Log4Shell, “the single biggest, most critical vulnerability ever”1 was recently disclosed to the public. You may even have seen us make mention of it here, here, here, or even maybe here. Splunkbase was impacted by way of apps both made by Splunk and third-party developers.
Hey There, Recently we ran a webinar ( English | German | French) in which we showed how Security Operations Teams can plan based on the MITRE ATT&CK Navigator, a threat-centric defense strategy. We also demonstrated how to operationalize it with content from the Splunk Security Essentials app via Splunk Enterprise Security. We received so many questions from attendees during the session that we weren’t able answer them all.
There are rare occasions when you open the news and don't find anything about cybersecurity in the headlines. According to the Australian Cyber Security Centre (ACSC), Australia has dealt with a cyberattack every 8 minutes in the financial year 2020-21, with over 67,500 cases of cybercrime registered in the same year. Studies indicate that ransomware is one of the most frequent and damaging types of malware leveraged by cybercriminals.
The Splunk Threat Research Team is monitoring several malicious payloads targeting Customer Premise Equipment (CPE) devices. These are defined as devices that are at customer (Commercial, Residential) premises and that provide connectivity and services to the internet backbone. Examples include.
