If IT security is top-of-mind for you and your organization, asset and application discovery is critical — you need to know all of the assets you have in order to identify any areas of vulnerability.

As the cybersecurity landscape continually evolves, SOCs must quickly identify, evaluate, and counteract cyberattacks. In the heat of a security investigation or incident response, achieving rapid visibility and rich contextual insights about the attack are not merely advantageous, but essential.

As the digital landscape continues to evolve, new cyber threats continue to emerge. It’s imperative to have safeguards in place early on in the product development process. That’s where Secure by Design comes in.

In the fast-paced world of cybersecurity, where the threat landscape is continuously evolving, organizations face unprecedented challenges. An expanding attack surface, rising vulnerabilities, and a relentless onslaught of cyberattacks have significantly increased organizational risk.

One of the most challenging aspects of running an effective Security Operations Center (SOC) is how to account for the high volume of notable events that actually do not present a risk to business. These events often include common occurrences like users forgetting their passwords a ridiculous number of times or accessing systems at odd hours for valid reasons. Despite their benign nature, struggling to handle the volume of such potential threats may often overwhelm limited staff.

In this installment of Hunting with Splunk we’re showing you how to detect suspicious and potentially malicious network traffic to “new” domains. First, let’s delve into what we mean by “new” domains and why you should make a habit of detecting this activity in the first place. (Part of our Threat Hunting with Splunk series, this article was originally written by Andrew Dauria. We've updated it recently to maximize your value.)

Two critical vulnerabilities have been exposed in JetBrains TeamCity On-Premises versions up to 2023.11.3. Identified by Rapid7’s vulnerability research team in February 2024, CVE-2024-27198 and CVE-2024-27199 pose a significant threat, enabling unauthenticated attackers to potentially gain administrative control or execute code remotely on affected TeamCity servers.

Welcome to the final installment in our “Add to Chrome?” research! In this post, we'll experiment with a method to find masquerading, or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses models or algorithms to help find threat-hunting leads, or to help make complex problems more approachable.

Fraud is a problem that impacts all of us in different ways; there’s probably no one who hasn’t been directly or indirectly impacted by some kind of fraudulent activity. Have you or someone you know had their identity stolen? Has someone hacked your email or social media account? Have you had money taken from your account (think bank or credit cards here) one way or another? These are all examples of fraud and how it can affect us.

Recently, the cybersecurity world has been abuzz with discussions about Phemedrone, a newly emerged stealer exploiting the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen. The project was most recently available on GitHub; however, the project was taken down, and the associated account was removed. Active development still occurs via Telegram.