Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2024

What is Privilege Escalation? An Introduction

In the realm of cybersecurity, understanding how unauthorized access can compromise sensitive systems is critical—this is where the concept of privilege escalation comes into play. In this article, we will look at what privilege escalation is, how it exploits vulnerabilities and best practices for protecting your organization against privilege escalation.

CosmicSting: A Critical XXE Vulnerability in Adobe Commerce and Magento (CVE-2024-34102)

The e-commerce world was recently shaken by the discovery of a vulnerability in Adobe Commerce and Magento, two of the most widely used e-commerce platforms. Dubbed "CosmicSting" and designated as CVE-2024-34102, this vulnerability exposes millions of online stores to potential remote code execution and data exfiltration risks.

Bypassing the Bypass: Detecting Okta Classic Application Sign-On Policy Evasion

In September 27, 2024, Okta disclosed a critical vulnerability affecting their Classic environment that created a concerning security gap in identity protection. The vulnerability, active since July 17, 2024, allowed attackers with valid credentials to bypass application-specific sign-on policies by simply modifying their user-agent string.

Cracking Braodo Stealer: Analyzing Python Malware and Its Obfuscated Loader

Braodo Stealer is one of the many active and evolving malware families designed to steal sensitive information, such as credentials, cookies, and system data, from compromised machines. Typically written in Python, this malware employs a variety of obfuscation techniques to conceal its true intentions, making it challenging for security solutions to identify.

Unlocking the Power of Splunk's Data Management and Federation Capabilities

IT environments are more complex than ever, with data scattered across multiple sources. Splunk’s data management and federation capabilities provide efficient, cost-effective ways to control, shape, and access data in real-time. Ensure visibility, security, and compliance while optimizing costs. Manage your data at scale and access it wherever it resides with Splunk’s flexible tools.

Federated Analytics: Analyze Data Wherever It Resides for Rapid and Holistic Security Visibility

Data is everywhere, sprawling across cloud, on-premises, and hybrid environments. As security practitioners, we need fast access to this data to analyze it, draw insights, and uncover potential threats. However, the sheer volume of data and complexity of threats makes it difficult to maintain visibility, detect stealthy attacks, and respond quickly to security incidents.

Unify and Automate TDIR Workflows with Splunk SOAR 6.3 and Splunk Enterprise Security 8.0

Security teams are juggling 25+ different security tools that perform different actions across detection, investigation and response. Look up an IP here, send malware to a sandbox there, block an executable over there. What’s worse is that the vast majority of those actions are being performed manually. This approach is simply too slow against fast-moving attackers and malware, and it certainly isn’t sustainable.

SOAR in Seconds - Playbook Building with Natively Integrated SIEM and SOAR

In Splunk SOAR 6.3, SOAR features now come fully integrated with Splunk Enterprise Security 8.0. In this demo, see how to easily create a Splunk SOAR playbook in the context of your SIEM workflows. Playbooks and actions are now directly integrated within the Splunk Enterprise Security analyst queue. You can run playbooks and see the results without leaving the Splunk Enterprise Security interface. Both a Splunk SOAR and Splunk Enterprise Security license is required.