Howdy, folks! A new month, so a new list of security picks! Splunk security nerds (employees and customers) like to make things. They like to make LOTS of things. But sometimes... they get lost! So as we promised in early 2018, we are bringing you some golden security nuggets you might not have seen before. These monthly postings will feature the favorite security-centric presentations, white papers and customer case studies from various peeps in the Splunk (or not) security world that WE think everyone should read.
Check out our monthly staff security picks and our all-time best picks for security books and articles. I hope you enjoy.
Device and Data Access when Personal Safety is at Risk by Apple
I have become more and more aware over the last few years of how technology can enable abusers in abusive relationships. Great talks by folks like Xena Olsen, who spoke at SANS CTI 2020 on how people use stalkerware against "loved ones," and testimonials from friends and colleagues have opened my eyes to the dangers of technology, especially mobile phones. Thankfully, some great folks over at Apple have released this document that outlines how to better protect yourself if you are an iPhone user. Read it, pass it along, and make it available to anyone you can. It may save a life.
Top Ten Security Updates from AWS re:Invent 2020 by Phil Rodrigues
It isn't easy keeping up with the release of new cloud services, especially during AWS re:Invent. This year has been no different, with AWS introducing several interesting new security-related services at re:Invent over the past few weeks. This summary posted by Phil Rodrigues on LinkedIn captures ten (plus a bonus selection) of the most interesting. It includes various goodies ranging from AWS Network Firewall (a stateful layer-7 advanced virtual firewall) to Code Signing for AWS Lambda. I found it to be a concise and valuable summary!
Zero-click zero-day targets journalists by Pierluigi Paganini
At least 36 journalists were targeted using a zero-click zero-day on their iPhones. Using the KISMET exploit chain, which includes a zero-click exploit in Apple's iMessage software, attackers were able to compromise Al Jazeera staff, including journalists, in July and August 2020. This attack appears to have focused primarily on the personal devices of the targets, but the reality is that protecting against this type of adversary is incredibly difficult even on enterprise-controlled devices. Performing regular security audits, looking for anomalies in baseline configurations, and updating to the most current version of the OS are things an enterprise team can do to detect and protect against these types of attacks.
DevSecOps as an idea and a practice is only gaining more and more traction as organizations realize that security MUST be part of the DevOps process, further "left" in the development cycle. I found this blog post from @christophetd particularly helpful for those looking for practical tips on how to approach "shifting left" some security practices for infrastructure as code that leverages Terraform. I'm a big fan of Terraform from @hashicorp for provisioning cloud infrastructure on your cloud provider of choice. Checking this infrastructure both before and after it's deployed is a critical part of ensuring your cloud presence has a strong security posture.
As I look back over the past few weeks, there is a tremendous number of great articles, papers, and discussions to share. In fact, my concern is that there is so much out there that some of the issues being confronted get overlooked compared to others. That's why I wanted to highlight a report that dropped from the fine folks at The Citizen Lab. They released an excellent, well-researched report on journalists' iOS devices being hacked using a zero-click exploit. Citizen Lab lays out the background and the technical details of the attacks, as well as the analysis of a live infection. The Citizen Lab team also hypothesized about the interests of specific operators targeting specific journalists, and it notes that "Counting the 36 cases revealed in this report, there are now at least fifty publicly known cases of journalists and others in media targeted with NSO spyware, with attacks observed as recently as August 2020." These attacks are taking place against journalists in many parts of the world, beyond those covered in this report. Take a little time out of your day and check out this report.