Digital Resilience Pays Off
Download this e-book to learn about the role of Digital Resilience across enterprises.
Staff Picks for Splunk Security Reading July 2023
Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Check out our previous staff security picks, and we hope you enjoy.
Chris Perkins
Unraveling Zero Trust: An Airport Security Analogy + ODAM
"This blog post aims to present a comprehensive examination of the intricate relationship between ODAM (Operationalizing Data Analytics Methodology) and Zero Trust Architecture (ZTA), with a focus on clarifying the prevailing industry discourse. While marketing teams excel in guiding customers towards informed purchasing decisions and articulating the advantages of specific products for organizations, this analysis will delve into the convergence of zero trust and ODAM, illuminating the profound synergies and strategic advantages that arise from their seamless integration."
Haylee Mills
Investigate by ZombieLucy for goblinloot.net
"I love this breakdown of what's happening when an analyst gets an alert and the biases to keep in mind with how analysts work and how we provide context as detection engineers. The bullet points at the end are all gold, but in particular: 'Engineers must reduce the investigative load on analysts as much as possible.' PREACH!"
Zachary Christensen
WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks from The Hacker News
"WormGPT is one of the latest generative artificial intelligence (AI) cybercrime tools. It's easier than ever for adversaries to launch various attacks using the tool. Like ChatGPT, cybercriminals can use this technology to help create phishing emails, malware, and more. Furthermore, by leveraging WormGPT, foreign actors can more easily create compelling emails personalized to the intended target, increasing the success rate without being hindered by a language barrier.
WormGPT and tools like it are just the start of a new wave of cybercrime tools that will emerge to make it even easier for an adversary to quickly and easily automate the creation of targeted attacks."
Ryan Fetterman
Rockwell warns of new APT RCE exploit targeting critical infrastructure by Sergiu Gatlan for Bleeping Computer
"Industrial Control Systems (ICS) often run totally unique protocols compared to the IT environment. These protocols can include proprietary and sometimes undocumented control codes and logic. This advisory states that 'following successful exploitation, malicious actors could also manipulate the module's firmware, wipe the module memory, alter data traffic to and from the module, establish persistent control, and potentially impact the industrial process it supports.' This amount of functionality reveals that adversaries are investing significant resources into building, testing, and potentially reverse-engineering specific ICS hardware and software to build targeted capabilities. As these exploits become more widely available, they can be re-used by less skilled adversaries, and we may see a rapid increase of exploitation attempts."
Richard Marsh
Compromised Microsoft Key: More Impactful Than We Thought by Shir Tamari for Wiz.io
"Microsoft's Response to Storm-0558 is easily one of the biggest news stories of the year. The severity of a compromised MSA key cannot be overstated. Organizations have a responsibility to check their environment for any activity that could have originated from this attacker. Unfortunately, this includes first-party Microsoft applications and third-party AAD apps. Wiz gives a great explanation of how to best check your Azure environment for impact in this post."
Audra Streetman
@audrastreetman / @audrastreetman@infosec.exchange
White House Says Amazon, Google, Meta, Microsoft Agree to AI Safeguards by Sabrina Siddiqui and Deepa Seetharaman for the Wall Street Journal
"The White House recently met with representatives from seven major tech companies—Amazon, Anthropic, Google, Inflection, Meta, Microsoft, and OpenAI— to discuss guardrails for the development of artificial intelligence (AI) technology. This includes the creation of an AI watermarking system for visual and audio content to help identify AI-generated media and what system created it. The guidelines are voluntary, unenforceable, and most notably, they do not include the disclosure of data used to train AI algorithms, which can result in unintended bias. The agreement is one step in the right direction, but much more action is needed to address the risks involved with the rapid growth of AI technology."
Related Articles
About Splunk
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.
Subscribe to our blog
Get the latest articles from Splunk straight to your inbox.
Connect with Splunk on X
Follow @Splunk
