Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Logging

Meet EO 14028 requirements with Datadog Log Management, Cloud Workload Security, and Cloud SIEM

As of August 2023, only 3 out of 23 US government agencies were compliant with Office of Management and Budget (OMB) requirements for log management and security observability. These requirements are outlined in M-21-31, a 2021 memorandum that was issued following Executive Order 14028 on improving national cybersecurity. Until all of these agencies implement the new requirements, the federal government’s ability to fully detect, investigate, and remediate cybersecurity threats will be constrained.

Unveiling Phemedrone Stealer: Threat Analysis and Detections

Recently, the cybersecurity world has been abuzz with discussions about Phemedrone, a newly emerged stealer exploiting the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen. The project was most recently available on GitHub; however, the project was taken down, and the associated account was removed. Active development still occurs via Telegram.

Add to Chrome? - Part 3: Findings and Recommendations

In the first two installments of this blog series, we explored some high-level concepts related to browser extensions and their security implications and then how we went about analyzing them. In this third blog we explore some of our findings and general recommendations on whether or not you should click “Add to Chrome” the next time you find a fancy new extension!

Add to Chrome? - Part 2: How We Did Our Research

Analyzing the content and security implications of browser extensions is a complex task! It's almost like trying to piece together a complex jigsaw puzzle (thanks JavaScript). Automation is a key way to reduce this complexity without adding to the workload of security staff. With so many extensions to inspect (we analyzed more than 140,000 of them), automating small portions of that analysis provided a big impact.

Tyk Gateway API Calls To Graylog API Security

Application Programming Interfaces (APIs) are the backbone of modern software development, enabling seamless communication between various systems and services. As organizations increasingly rely on APIs to power their applications and services, the need for robust API management and monitoring solutions becomes paramount. Capturing API calls and gaining insights into their behavior can significantly enhance the development, troubleshooting, and security of APIs.

Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard

On January 19, Microsoft issued an advisory disclosing a cybersecurity incident targeting their M365 tenants and attributing the attack to Midnight Blizzard, a state-sponsored actor also known as Nobelium and APT29. Following this, on January 24, the Microsoft team expanded on the initial announcement with a comprehensive blog post providing more insights about the attack and outlining specific tactics, techniques and procedures leveraged by the threat actor.

Building Resilient Organizations around IT and Cybersecurity

In this program, we hear from industry leaders focused on how to transform their teams and organizations while facing these challenges and how they address the gap in technically skilled employees while trying to foster this transformation. Speakers: Ed Hubbard, Director, Site Reliability and Monitoring - Travelport Mitch Ashley, CTO, Techstrong Group Principal - Techstrong Research James Brodsky, Group Vice President, Global Security Strategists - Splunk.

Supercharge Cybersecurity Investigations with Splunk and Graphistry: A Powerful Combination for Interactive Graph Exploration

As a data scientist and Splunk user, you know the importance of leveraging the right tools to gain valuable insights from your cybersecurity data. In this blog post, we'll dive deeper into how combining Splunk and Graphistry can help you unlock new capabilities for your cybersecurity investigations and gain better resilience for your organization.