Splunk’s Post

🚨Attention!🚨 SolarWinds Serv-U Vulnerability: CVE-2024-28995 Threat actors are actively exploiting a high-severity path traversal vulnerability (CVE-2024-28995) in SolarWinds Serv-U. Using publicly available PoC exploits, they can read arbitrary files from the filesystem via specially crafted HTTP GET requests. This vulnerability affects the following products: Serv-U FTP Server 15.4 Serv-U Gateway 15.4 Serv-U MFT Server 15.4 Serv-U File Server 15.4.2.126 and earlier Rapid7 and independent researchers have demonstrated the simplicity of exploiting this flaw. GreyNoise reported that attackers are using various strategies to target this vulnerability. 🌟 Urgent Action: SolarWinds has released 15.4.2 Hotfix 2 to address this issue. It is critical for system administrators to apply these updates immediately. #cybersecurity #SolarWinds #infosec #vulnerability #CVE202428995 https://lnkd.in/deMn3-UV

Rethinking security: the essential elements of effective application whitelisting solutions #whitelist #microsegmentation #truefort https://lnkd.in/gyUuAAFZ

Cyberattacks are an existential risk, with 89% of organizations ranking ransomware as one of the top five threats to their viability, according to a November 2023 report from TechTarget’s Enterprise Strategy Group, a leading analyst firm.[1] And this is just one of many risks to corporate data – insider threats, data exfiltration, hardware failures, and natural disasters also pose significant danger. ... Read More Der Beitrag IBM adds AI-enhanced data resilience capabilities to help combat ransomware and other threats with enhanced storage solutions erschien zuerst auf All About Security.

"The threat actor exploited two Ivanti Connect Secure zero-day vulnerabilities to target Mitre's Virtual Private Networks, then dug deep into the organization's VMware infrastructure using a compromised administrator account." "The hackers used session hijacking to bypass multi-factor authentication requirements, then "employed a combination of sophisticated backdoors and webshells to maintain persistence and harvest credentials." "At the time we believed we took all the necessary actions to mitigate the vulnerability," the post read, "but these actions were clearly insufficient." Any organization can become victim of a cyber-attack. Having a mature risk management and incident response program can only reduce the risk - there is certainly a lot of value in that! #DOD #CMMC #RiskManagement #Mitre #BoardofDirectors #CSuite https://lnkd.in/gSqprzeu

Justin V., a Principal Security Engineer at Two Six, wrote a blog post how to "Automate Contextualization of Honeypot Alerts." A honeypot is a computer security mechanism set to detect, deflect, and counteract attempts at unauthorized use of information systems. Justin recognized that manually contextualizing honeypot alerts is a time consuming process, and identified a solution. Thank you for sharing your knowledge! Read the blog post here: https://lnkd.in/e-8UZzzN Watch Justin's recent talk to tie it all together here: https://lnkd.in/epEGGxBM

Some of the usual suspects for hacker targets. Passwords, startup functions, file transfer protocol, and configurations. “The most frequently targeted files seen by Greynoise are: - \etc/passwd (contains user account data on Linux) - /ProgramData/RhinoSoft/Serv-U/Serv-U-StartupLog.txt (contains startup logs info for the Serv-U FTP server) - /windows/win.ini (initialization file containing Windows configuration settings)”

Lacework now automates Composite Alerts on the #Kubernetes control plane, specifically to detect early signs of potential #K8s user and service account credential compromises. Learn more in a new blog from Security Engineer Yihua Zhang ⬇️

Splunk Enterprise Security and Splunk User Behavior Analytics (UBA) recently identified vulnerabilities in several third-party packages, including babel/traverse, handsontable, semver, loader-utils, json5, socket.io-parser, protobuf, and Guava. The severity of these vulnerabilities ranged between 7.1 (High) and 9.8 (Critical). Splunk was quick to act and has already patched these vulnerabilities. Stay safe and secure by keeping your systems updated. Learn more about these vulnerabilities here: https://lnkd.in/gtmDETNw #splunk #vulnerabilities #patch

Kudos to Sysdig's Crystal Morin for this post on cloud-native security implications. From a CISO perspective, some topics really hit home, namely the temporal considerations of our incident response practices. Bluntly, we don't have much time to detect and respond to highly automated threat actors. I love her suggestion of doing real-time tabletop exercises where time constraints are an integral part of the exercise. Also of note, and not surprising given Sysdig's notable contributions to this topic, is the guidance on #vulnerabilitymanagement that looks for known-exploited vulnerabilities and that subset of vulnerabilities that occur at #runtime. Identity governance is also brought front and center. Permissions and entitlements remain a common challenge necessitating attention within our security programs. It's clear that the temporal context of modern cloud deployments and application architecture requires us to up our game and focus on new forms of risk and respond accordingly, and fast! #CISO #identitymanagement #incidentresponse #cloudsecurity https://lnkd.in/gKux3irs