A report by Keeper Security contains a survey of more than 800 global IT professionals and security executives, revealing key trends in the cybersecurity landscape. Notably, 92% of IT leaders surveyed state that cyberattacks have grown in frequency since 2023. As a result, cybersecurity may prove to become increasingly complex in 2024. Security leaders are […]
In the first two installments of this blog series (Part 1 and Part 2), we explored some high-level concepts related to browser extensions and their security implications and then how we went about analyzing them. In this third blog we explore some of our findings and general recommendations on whether or not you should click […]
Recently, the cybersecurity world has been abuzz with discussions about Phemedrone, a newly emerged stealer exploiting the CVE-2023-36025 vulnerability in Microsoft Windows Defender SmartScreen. The project was most recently available on GitHub; however, the project was taken down, and the associated account was removed. Active development still occurs via Telegram. Phemedrone distinguishes itself as a […]
Searching for bad actors within your organization can be challenging, like trying to find a needle in a haystack. To uncover these bad actors, we can utilize anomaly detection using the Splunk Platform (specifically Splunk Cloud Platform or Splunk Enterprise). By leveraging lookups, averages, and standard deviations, we can create behavior profiles and accurately identify […]
Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read. Check out our previous staff security picks, and we hope you enjoy. Shannon Davis @DrShannon2000 How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s […]
Fraud is a problem that impacts all of us in different ways; there’s probably no one who hasn’t been directly or indirectly impacted by some kind of fraudulent activity. Have you or someone you know had their identity stolen? Has someone hacked your email or social media account? Have you had money taken from your […]
Welcome to the final installment in our “Add to Chrome?” research! In this post, we’ll experiment with a method to find masquerading, or suspicious clusters of Chrome extensions using Model-Assisted Threat Hunting (M-ATH) with Splunk and the Data Science & Deep Learning (DSDL) App. M-ATH is a SURGe-developed method from the PEAK framework, which uses […]
Two critical vulnerabilities have been exposed in JetBrains TeamCity On-Premises versions up to 2023.11.3. Identified by Rapid7’s vulnerability research team in February 2024, CVE-2024-27198 and CVE-2024-27199 pose a significant threat, enabling unauthenticated attackers to potentially gain administrative control or execute code remotely on affected TeamCity servers. CVE-2024-27198, categorized under CWE-288, highlights an authentication bypass vulnerability […]
In this installment of Hunting with Splunk we’re showing you how to detect suspicious and potentially malicious network traffic to “new” domains. First, let’s delve into what we mean by “new” domains and why you should make a habit of detecting this activity in the first place. (Part of our Threat Hunting with Splunk series, […]
Snake Keylogger is a Trojan Stealer that emerged as a significant threat in November 2020, showcasing a fusion of credential theft and keylogging functionalities. Developed using .NET, its arsenal includes keystroke logging, harvesting stored credentials, and capturing screenshots. Moreover, it exhibits adeptness in gathering clipboard data, browser credentials, and conducting system and network reconnaissance. This […]
We hate spam, we obviously will not spam you!
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
