Security

February 01, 2025

4 Minute Read

Security Staff Picks To Read This Month, Handpicked by Splunk Experts

By Tamara Chacon

Hello and welcome! Every month, our Splunk staff of security experts share their favorite reads of the month — this way, you can follow the most interesting, news-worthy, and innovative stories coming from the wide world of cybersecurity.

Here, we'll share a variety of articles, original research, presentations, whitepapers, and customer case stories. Topics that may be covered in these hand-picked reads may include:

Cybersecurity news
InfoSec and computer security
Threat hunting and detection engineering
AI & security
Risk management
Emerging trends
And much more!

We've been running this Security Picks series for years, and now we're making some updates: bookmark this URL, because we'll be making all of our recommendations here moving forward. So, anytime you have a little downtime or are wondering what to read to stay on the nose, check out these security articles hand-picked by security experts.

Security articles to read in February 2025

Protecting Your Organization by Measuring “Days at Risk”

Author: Chris Perkins
Recommended by: Chris Perkins (LinkedIn)

Why we like it: This article discusses the "Days at Risk" model to assess risk within organizations.

OWASP Non-Human Identities Top 10

Author: OWASP
Recommended by: Mick Baccio (LinkedIn)

Why we like it: “Non-human identity (NHI) is a digital credential that identifies and authorizes machines, devices, and applications within an IT infrastructure. NHIs are used to automate tasks, improve efficiency, and innovate.

Think of things like- API keys, OAuth tokens, and service accounts, etc. Attackers are leveraging these identities to carry out malicious activity, and there are no signs of stopping.So what to do? Read the OWASP top ten for NHIs and start implementing these recommendations into your environment today.”

New Amazon Ransomware Attack—‘Recovery Impossible’ Without Payment

Author: Davey Winder
Recommended by: Ronald Beiboer (LinkedIn)

Why we like it: “The title is somewhat misleading since the impossibility of recovery stems from the encryption process, which is a standard feature of most ransomware attacks.

That said, it's intriguing to see how attackers are now leveraging cloud-native tooling to carry out these attacks. The use of AWS encryption functionality and lifecycle policies is something companies should be aware of since you can prevent or detect this to prevent significant harm.”

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

Author: Ravie Lakshmanan
Recommended by: Mark Stricker (LinkedIn)

Why we like it: “Interesting article on how the FBI is removing the PlugX malware from US computers. A couple of things to note: 1) the operation identified over 4K machines with the malware ahead of time, 2) the operation was enabled by a court order, and 3) The owners of the machines were notified AFTER the malware was removed. While this was done to improve the security of US computer systems generally, the fact that these machines were changed without the owners consent ahead of time is concerning. It brings up an important issue that we as a society need to discuss: to what extent can law enforcement take steps that change citizen's information systems without their knowledge? Where are the boundaries?”

Araneida Scanner: Silent Push Discovers Cracked Acunetix Web App & API Scanner

Author: Silent Push
Recommended by: Mike Polisky (LinkedIn)

Why we like it: “Researchers from Silent Push have discovered threat actors using the Araneida web application scanner (based on a cracked version of Acunetix web application vulnerability scanning tool), to find entry points into unsuspecting target networks. The software has been linked to an IT company based in Ankara Turkey, based on Brian Krebs reporting. Adversary infrastructure has been identified and IOFAs (Indicators of Future Attacks), are listed at the bottom of the article. Add them to your block list!”

The US’s Worst Fears of Chinese Hacking Are on Display in Guam

Author: Katrina Manson
Recommended by: Audra Streetman (@audrastreetman / @audrastreetman@infosec.exchange)

Why we like it: “This article highlights cyber vulnerabilities across Guam's critical infrastructure, which supports both civilians and U.S. military operations in the Pacific. It delves into the ongoing China-nexus campaign by an actor dubbed "Volt Typhoon" that targets the island’s civilian infrastructure, including power grids and telecommunications networks. Officials believe Volt Typhoon is prepositioning to launch disruptive or destructive cyberattacks in the event of a future conflict with China. Through the lens of local utility workers and federal cybersecurity efforts, the piece reveals skepticism among some workers about the scale of the threat, a reluctance among some underresourced companies to engage with officials, and the overall geopolitical stakes of protecting the U.S.'s westernmost outpost.”

The Paper Passport Is Dying

Author: Matt Burgess
Recommended by: Tamara Chacon (@holly1g0lightly)

Why we like it: “In his article, Matt Burgess explores how the traditional paper passport is being replaced by digital alternatives that utilize facial recognition technology and smartphones for identity verification. He also delves into the concerns and risks raised by the security community, such as data privacy, surveillance, and potential breaches. The article provokes thoughts about the future of travel, the balance between efficiency and security, and how we will protect personal information in this evolving landscape.”

More Security Recommendations & Resources

That rounds out this month’s security reading recommendations! Check back next month for your next to-reads. In the meantime, check out these resources for more security content:

Splunk Security Teams To Follow

SURGe

Splunk Threat Research Team (STRT)

More Recommendations

Staff Picks for Splunk Security Reading November 2021

Hello everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, white papers, and customer case studies that we feel are worth a read. We hope you enjoy.

Security 3 Min Read

Hunting for Detections in Attack Data with Machine Learning

Learn how to leverage the real-world and simulated attack data that Splunk's Threat Research team collected to use machine learning to discover attack activity and identify how to transform insights into detections.

Security 6 Min Read

Threat Hunting for Dictionary-DGA with PEAK

Explore applied model-assisted threat hunting for dictionary-based domain generation algorithms using the SURGe Security Research Team's PEAK Threat Hunting Framework.

About Splunk

The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.

Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.

Learn more about Splunk