Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2023

Command and Control: Understanding & Defending Against C2 Attacks

Attackers go through several stages to make an attack successful. And the last line in the defense system they aim to break is the command and control (C2). C2 attacks are a severe threat to organizations of all sizes and types because, if successful, adversaries can steal all your valuable data. To protect against these attacks, you should implement a security framework and robust policies, including technical and organizational measures.

Splunk Insights: Investigating the 3CXDesktopApp Supply Chain Compromise

CrowdStrike announced on 3/29/2023 that an active intrusion campaign was targeting 3CX customers utilizing a legitimate, signed binary, 3CXDesktopApp (CISA link). As the investigations and public information came out publicly from vendors all across the spectrum, C3X customers of all sizes began investigating their fleet for signs of compromise. These campaigns are often referred to as supply chain compromises, or MITRE ATT&CK T1195.

Visible Risks Assessments in the Financial Services Industry

In a world with increased regulation, uncertainty in the banking business due to the climate or unforced errors, and liquidity concerns, the capability for risk management departments, auditors, and compliance departments to have timely access to reports and data that drive their decisions becomes more important than ever. Saying that you have enough data points is like saying you have enough security.

Spear Phishing: The Ultimate Guide To Seeing & Stopping Spear Phishing

When it comes to cyberattacks, the human dimension of the cybersecurity environment is a complex vulnerability. Without awareness, any employee, contractor or user is the most unprotected asset. A person who can be easily exploited with a social engineering attack. Because of inherent human characteristics — ignorance, fear, misplaced trust — people are by nature very susceptible to being manipulated to let down their guard.

What Generative AI Means For Cybersecurity: Risk & Reward

In recent years, generative artificial intelligence (AI), especially Large Language Models (LLMs) like ChatGPT, has revolutionized the fields of AI and natural language processing. From automating customer support to creating realistic chatbots, we rely on AI much more than many of us probably realize. The AI hype train definitely reached full steam in the last several months, especially for cybersecurity use cases, with the release of tools such as.

Coffee Talk with SURGe: The Interview Series featuring Allan Liska

Join Coffee Talk with SURGe for our bi-weekly interview series. This week, SURGe member Shannon Davis interviews Allan Liska, threat intelligence analyst at Recorded Future and author of Ransomware: Understand. Prevent. Recover. They'll talk about the threat of ransomware, including recent trends, the impact of hack-back operations, and how organizations can become more resilient against attacks.

AI TRiSM Explained: AI Trust, Risk & Security Management

AI Trust, Risk and Security Management (AI TRiSM) is an emerging technology trend that will revolutionize businesses in coming years. The AI TRiSM framework helps identify, monitor and reduce potential risks associated with using AI technology in organizations. By using this framework, organizations can ensure compliance with all relevant regulations and data privacy laws. In this article, you'll learn what AI TRiSM is, how it works, and how organizations can use it for their benefit.

How Data Resilience Drives Customer, Cyber & Business Resilience

With evolving cyber threats and sudden disasters, data resilience is among the critical components of any business. Data resilience helps businesses provide continuous, uninterrupted services to their customers. This article explains data resilience, its importance for current businesses, and the most common strategies to achieve data resilience. It also describes the advantages and challenges of achieving business data resilience.

AsyncRAT Crusade: Detections and Defense

In January 2019 AsyncRAT was released as an open source remote administration tool project on GitHub. AsyncRAT is a popular malware commodity and tools used by attackers and APT groups. Threat actors and adversaries used several interesting script loaders and spear phishing attachments to deliver AsyncRAT to targeted hosts or networks in different campaigns.

Common Cybersecurity Jobs: Skills, Responsibilities & Salaries

Looking for a stable job in tech? Cybersecurity is one of the fastest growing employment segments — with a zero percent unemployment rate! This is a promising field for new graduates in the technology sector with strong backgrounds in systems design, data and mathematics. What roles and responsibilities can you expect in the cybersecurity domain? Here is a list of cybersecurity roles, their responsibilities, skills required and average annual salary.

Governance, Risk, and Compliance (GRC) Explained: Meaning, Benefits, Challenges & Implementation

Enterprises these days are facing a triple threat: stiffer government policies, volatile cyberspace and an extra-competitive economy. And without a well-planned strategy, it will be hard to survive all these and hit high-performance goals. Hence the need for an effective GRC strategy. Since its invention in 2003, GRC as a strategy for achieving organizational goals amidst uncertainty and with integrity, has stayed true to its primary purpose. Despite the increasing turbulence in the economy.

My Username Fields Have Passwords in Them! What Do I Do?

As security practitioners, we like to read blogs, whitepapers, and even Mastodon “toots” that talk about new or novel threats and vulnerabilities. Recently, our fearless and never sleeping Security Strategist Leader James Brodsky called attention to a blog post from a researcher that highlighted the risks of password disclosure in authentication logs.

Machine Learning in Security: Detecting Suspicious Processes Using Recurrent Neural Networks

Malicious software like ransomware often use tactics, techniques, and procedures such as copying malicious files to the local machine to propagate themselves across the network. A few years ago, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the Department of Health and Human Services issued a joint cybersecurity advisory to ward off potential harm from threat actors for at-risk entities.

Breaking the Chain: Defending Against Certificate Services Abuse

In recent years, there have been several high-profile cyber attacks that have involved the abuse of digital certificates. Digital certificates are electronic credentials that verify the identity of an entity, such as a person, organization, or device, and establish trust between parties in online transactions. They are commonly used to encrypt and sign data, authenticate users and devices, and secure network communications.

The SQL Injection Guide: Attacks, Types, Signs & Defense Against SQLi

Most dynamic web applications and sites — ones that store and process user information — use some sort of database implementation. One of the most common implementations involves SQL. Structured Query Language is a standard language for relational database management systems (RDBMS). It lets you query database records, change and modify them, set permissions, create custom views and storage procedures.

Zero Day Defined: Zero-Day Vulnerabilities, Exploits & Attacks

Zero-Day” is an intriguing concept in the domain of cybersecurity. Imagine diligently following security best practices such as patching exploits and updating the systems regularly. Plus, you’re following strict risk management and governance frameworks within the organization to vet new software applications for security risk before adding them to your library. But what happens when the security flaws are novel — and a patch does not exist?

Coffee Talk with SURGe: Oakland Ransomware Attack, BreachForums, Acropalypse Vulnerability, GPT-4

Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan shared their takes on responding to 0day vulnerabilities and the trio also discussed GPT-4 and the future of generative AI.

What's Digital Rights Management (DRM)? Protecting Intellectual Property Today

Digital rights management (DRM) is a set of technologies, tools and techniques to protect your copyrighted digital content from unauthorized copying, sharing or usage. Content creators, organizations and distributors typically implement DRM to control access to their intellectual or sensitive property and ensure that it is only used by the terms and conditions they have established. It also helps companies secure their files and enables safe sharing, so they don’t land in the wrong hands.

SOCtails - Unify Security Operations with Splunk Mission Control

Security teams constantly pivot between multiple tools and management consoles in order to detect, investigate, and respond to security incidents. It's time-consuming and complex. And it's Kevin's personal nightmare. Jeff shows Kevin how to unify his security operations across detection, investigation and response using Splunk Mission Control.

Unify Your Security Operations with Splunk Mission Control

Splunk Mission Control brings order to the chaos of your security operations by enabling your SOC to detect, investigate and respond to threats from one modern and unified work surface. Watch this 5 minute demo video to learn how Mission Control unifies your security operations experience across Splunk’s industry-leading security technologies and partner ecosystem in one work surface. The demo use case focuses on how an analyst detects, investigates and responds to an encoded PowerShell attack.

The SOC Manager/Director Role: Skills, Duties, Salary & More

Cybercriminals target organizations to steal sensitive data, disrupt operations, or cause damage to organizations. But a well-designed security operations center (SOC) helps prevent these attacks from ever occurring. SOC managers detect and respond to cyber security threats to ensure your organization operates securely. They manage the team, develop policies and procedures, and keep the CISO informed about security operations. Let’s take a look at the SOC manager role.

Fraud is in Your Backyard

Each day, there are multiple news stories about fraud. Some share details about fraud committed against government entities or agencies, some tell us about instances in our educational institutions, and still, others describe the types of fraud against individuals in the form of identity theft. In the post-pandemic United States, fraud has increased in the public sector because our government has made benefits more accessible to those in need.

Overcome Cybersecurity Challenges to Improve Digital Resilience

The idea that digital resilience — the ability to prevent, detect, respond to and recover from disruptive events — is critical to digital business would surprise no one. As the Splunk report Digital Resilience Pays Off illustrates, organizations that are farther along on their digital resilience journey enjoy $48 million lower annual downtime costs and 2 times higher digital-transformation project success rate than their less digitally resilient peers.

The Compliance-as-a-Service (CaaS) Ultimate Guide

Today, many organizations are governed by various types of industry regulations. To name a few: General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and California Consumer Privacy Act (CCPA). These regulations are subject to regular and complex amendments, and many compliance officers expect proactive compliance from every regulated company.

Coffee Talk with SURGe: The Interview Series with Sergio Caltagirone

Join us as we kick off our new bi-weekly 1-1 interview series, starting with Sergio Caltagirone. Sergio was formerly at NSA, Director of Threat Intelligence at Microsoft, VP of Threat Intelligence at Dragos, Technical Director of the Global Emancipation Network, now the founder and president of the Threat Intelligence Academy, and of course, co-author of The Diamond Model. We will talk about all the things threat intelligence, thought models, and probably a solid side of snark.

What Is Cyber Forensics?

Cyber forensics refers to the practice of extracting information, analyzing the data and gaining intelligence into activities that involve the use of technology as a structured chain of evidence that can be presented in the court of law. In this article, I’ll look at the basics of cyber forensics: what it’s for, phases in a forensic procedure, challenges and how it goes far beyond auditing.

Supply Chain Attacks: What You Need to Know

Every day, thousands of companies download updates to their software. With a click of a button, they can walk away and return the next morning with everything reorganized and in order. While a staple of modern life, this action is no longer completely harmless. It is now one of many attacks that bad actors use to access systems and execute supply chain attacks.

Behavioral Analytics Explained: How Analyzing (Odd) Behavior Supports Cybersecurity

Behavior Analytics (BA) is a widely used technique that helps you gain insights into various behavioral patterns to make data-driven decisions. This article describes behavior analytics, particularly how it is used in cybersecurity, and the actions it involves. We’ll also provide describe popular BA tools and discuss their key benefits.

Threat Advisory: SwiftSlicer Wiper STRT-TA03

The ongoing geo-political crisis in Eastern Europe continues to be the scenario of deployment of a variety of payloads linked to information stealing and data/network destruction. The deployment of these payloads has been associated or contingent with Military actions as Microsoft and ESET have observed in some of their publications. These campaigns have targeted critical infrastructure affecting civilian populations in addition to military targets.

Cyber Counterintelligence (CCI): Offensive & Defensive Strategies for Cybersecurity

Armed with innovative techniques, cyber attackers today come from various organized cybercrime groups, foreign intelligence services and other competitor organizations. With more sophisticated attacking techniques developed daily by such attackers, organizations must know their purpose and behaviors in advance — and devise strategies to avoid them. Cyber counterintelligence is an effective way to improve your cybersecurity posture.

CIO vs. CISO vs. CPO: What's The Difference?

Businesses been forced to step up their approach to security and privacy in the past few years due to: This growing digital complexity has led to the evolution of three vital executive-level positions: CIO, CISO and CPO — the Chief Information Officer, the Chief Information Security Officer and the Chief Privacy Officer. As three separate executive-level positions within companies centered around technology and cybersecurity, the lines between CIO, CISO and CPO can get blurry.

Manufacturing Predictions - the highlights for 2023

After having accelerated cloud and digital transformations during the pandemic, manufacturers might be forgiven for wanting to take a pit stop. But there is no time to slow down and rest on their laurels. On top of inflation, energy price shocks and economic uncertainty the technology landscape is shifting, faster than ever before — and so are the new kids on the block such as massive cyberattacks and sustainability imperatives.