Over twenty years ago, a series of corporate financial scandals set off a chain reaction, culminating in criminal convictions and new legislation. After uncovering accounting fraud across public companies like Enron, WorldCom, and Tyco, the US Congress enacted the Sarbanes-Oxley Act of 2002 (SOX).

Investigating a security event is the less glamorous version of an episode of CSI: Crime Scene Investigation. Without the snazzy, high-end, mostly-fictitious technology that television shows you, your actual digital forensics investigation usually involves an arduous process of reviewing technical data and looking for the breadcrumbs a malicious actor left behind.

Despite implementing cybersecurity administrative and technical risk mitigation control, companies still experience cybersecurity incidents and data breaches. Not every security incident ends with data exfiltration. An organization that can contain the attacker early in the kill chain can prevent data loss and reduce the incident’s impact.

David Bowie once sang, “ch-ch-ch-changes, turn and face the strange.” While the changes to ISO 27000-series may look strange, they’re primarily a configuration and modernization of the same standard you already know. The standard’s format looks entirely different, but most of your current controls will remain the same.

Welcome to our technical blog, where we’ll be diving into the world of Graylog and how you can secure your Graylog Server with Transport Layer Security (TLS). As an admin or a tech-savvy user, you know the importance of protecting your Graylog Server and the logs it manages from unauthorized access.

In life, you get a lot of different alerts. Your bank may send emails or texts about normal account activities, like privacy notices, product updates, or account statements. It also sends alerts when someone fraudulently makes a purchase with your credit card. You can ignore most of the normal messages, but you need to pay attention to the fraud alerts. Security is the same way.

Protecting data and protecting business continuity are both similar and different. In a data driven world, your mission as a security analyst is to prevent threat actors from gaining unauthorized access to sensitive data and systems. Simultaneously, you also need to investigate incidents rapidly, ensuring that critical services experience as little downtime as possible.

In a world where attackers can move fast, security teams need to move faster. According to SANS research from 2022, adversaries can perform intrusion actions within a five-hour window. While analysts need the Millennium Falcon of security technologies that enable threat detection and response in under twelve parsecs, increasingly complex IT environments make the 1-10-60 Framework feel unachievable.

According to reporting by several cybersecurity publications the 3CX Desktop Application has been exploited in a supply chain attack. The 3CX client is a popular VOIP and messaging application used by over 600,000 companies. From the article on Bleeping computer This supply chain attack, dubbed ‘SmoothOperator’ by SentinelOne, starts when the MSI installer is downloaded from 3CX’s website or an update is pushed to an already installed desktop application.

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.