Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

January 2023

All the Proxy(Not)Shells

On September 28th it was disclosed by GTSC that there was a possible new zero day being abused in the wild beginning in early August. Although this campaign looked very similar to the previously abused vulnerability in Microsoft Exchange, dubbed ProxyShell at the time, comprising 3 CVEs (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) that when combined enabled an adversary to gain remote access to an Exchange PowerShell session that may be abused.

Post-Quantum Cryptography & Preparing for Post-Quantum Encryption (PQE)

Quantum computing is an emerging technology that, in due time, will enable amazing power for humanity. With good comes bad. Bad actors are likely to harness quantum computing to distrust, steal or cause harm — threatening our global ways of living and working. We must help federal agencies and commercial enterprises to build quantum safety and quantum resilience against a worst-case scenario. Fortunately, the threat is being recognized. On December 21, 2022, the U.S.

Coffee Talk with SURGe: Ticketmaster, Apple Hardware Security Keys, Ukraine, Cognitive Biases

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan also competed in a 60 second charity challenge to explain how cognitive biases can negatively impact cyber threat intelligence assessments.

The Ethical Hacking Guide: Hacking for Security

Companies are under more threat than ever. The rise in cyber threats is alarming: 2021 saw a 30% increase in cyberattacks compared with 2020. Even sophisticated systems with complex countermeasure technologies for security may be vulnerable to attack. Many organizations turn to hackers to counteract these threats. Ethical hackers use the tools and methods of malicious actors to help companies pinpoint their weaknesses and build a more resilient and secure system.

Shift Left Security: How To Shift Security Left for Software Development

For a long time, security and development were two distinct aspects of programming. As organizations started to leverage software and technology as differentiating factors, the speed and quality of development became more important than ever. Organizations no longer had time after development was complete to address security vulnerabilities. Catching vulnerabilities too late opens companies up to unnecessary risk and can be costly to fix.

Leveraging Your Data to Drive Business Outcomes and Improve Cyber Resilience

It was another eventful year for security professionals in 2022. The year began on the tail of the Log4j vulnerability, data breaches were on the rise, and ransomware attacks were as prevalent as ever. So it’s safe to say cyber resilience is required to be at the forefront for public sector leaders.

Putting the 'E' in Team: Solution Integration Enablement for Security Build Motion Partners

I am sure many of you have heard the term “cybersecurity is a team sport.” If you haven’t, I say get on the right team. Security is a complex, ever-changing game of skill and preparedness (never chance). As we like to say here at Splunk, it is all about cyber resilience. To best be prepared to win this game, we need the best team. As with any team sport, there really needs to be other teams - after all what fun is it playing by yourself?

From Registry With Love: Malware Registry Abuses

The Windows Registry is one of the most powerful Windows operating system features that can tweak or manipulate Windows policies and low-level configuration settings. Because of this capability, most malware or adversaries abuse this hierarchical database to perform malicious tasks on a victim host or environment. Over the last 2 years, the Splunk Threat Research Team has analyzed and reverse engineered some of the most prevalent and successful malware families.

How Cross-Site Scripting (XSS) Attacks Work & How To Prevent Them

Cross-Site Scripting (XSS) attacks are bad news. And they can affect lots of people, often unknowingly. Chief among the top cybersecurity threats affecting users worldwide, any website with unsafe elements can become vulnerable to XSS attacks — making visitors to that website unwitting cyberattack victims. To secure your website from XSS attacks, you must first know what they are.

Introducing Attack Range v3.0

The Splunk Threat Research Team (STRT) is happy to release v3.0 of the Splunk Attack Range. Splunk Attack Range is an open source project that allows security teams to spin up a detection development environment to emulate adversary behavior and use the generated telemetry data to build detections in Splunk. This blog highlights the new features introduced in version 3.0 to help build resilient, high-quality detections.

PCI Compliance Done Right with Splunk

The New Year brings with it so much to look forward to and we are happy to bring even more to be excited about: a new release for the Splunk App for PCI Compliance. Starting January 11th, version 5.1 will be Generally Available. In this blog, let's review the main benefits of the Splunk App for PCI Compliance and highlight the improvements that version 5.1 brings.

2022: A deluge of awards for Splunk France

In 2021, I wrote a blog post congratulating the Splunk France team on winning several awards. In 2022, they won even more... This is a quote from the former Arsenal manager Arsène Wenger, which I think is particularly apt. By winning multiple awards, specifically related to cybersecurity, we've shown that we can do even better. Last year, our client Carrefour helped us present our cybersecurity project with them to panels of judges made up of IT managers and CISOs.

Is The CIA Triad Relevant? Confidentiality, Integrity & Availability Today

These days, security is more important to companies than sales. When your company must maximize renewals, you’re not selling your product once — you’re selling it day in, day out. The moment your security breaches or your services go down, guarantee your customers and users are considering your competitor. Strong cybersecurity helps safeguard your data and your networks from theft, fraud and unauthorized access.

Predictions 2023: Data Investments Will Pay Off for the Public Sector

Here at Splunk we’ve been looking ahead to 2023 through our annual predictions for the public sector. This report is once again published alongside our leadership insights and emerging trends, IT and observability, and security editions. The new year presents many challenges that will affect the public and private sectors alike, including economic volatility, intensifying cyberattacks, the tech talent shortage and more.

2023 Security Trends for APAC and the Evolving Role of CISOs

The focus on resilience is changing the role of security leaders in organizations today and will continue to do so in 2023. 2022 saw a lot of disruption in businesses, especially with rising cybercrime incidents. Cyber threats will only continue to grow and multiply due to the ongoing convergence of data, changing the discipline of cybersecurity altogether.

CISA Top Malware Summary

This blog summarizes the Splunk Threat Research Team’s (STRT) recent review of the CISA Top 10 Malware strains for the year 2021 report. While many of these payloads have been covered in our past and present research (available at research.splunk.com), these malware families are still active in the wild. Notably, five malware families we analyzed in this article can still be seen in the ANY.RUN Malware Trends Tracker.

How To Do AppSec: The Application Security Guide

Modern applications are sophisticated, with different third-party software and hardware components and complicated integrations compared to legacy applications. With these complications, there is an increase in exploitable vulnerabilities in the application layer. Thus, application security is one of the most critical aspects organizations should focus on to secure their applications from cyberattacks.

Coffee Talk with SURGe: LastPass, Slack, CircleCI, Chick-fil-A, CISA, ChatGPT, 2022 Year in Review

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60 second charity challenge to share their opinion of ChatGPT and its impact on the cybersecurity industry. The team also discussed some of the major security headlines from 2022.

Cloud Native Security: The 4C Approach, The 3Rs & Strategies for Cloud Native Security

Many organizations today develop, build and deploy cloud native applications that utilize infrastructure and services offered by cloud computing providers like AWS, Azure or Google Cloud Platform (GCP). This trend highlights a critical consideration for organizations — how to secure applications, infrastructures and data in cloud-native systems.