Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Check out our previous staff security picks, and we hope you enjoy.
What’s in your notepad? Infected text editors target Chinese users by Sergey Puzan for Securelist
"I found this particular malvertising vector interesting as I remember recently researching and downloading several Notepad++ alternatives to try them out and compare features. As a user who switches between Mac and PC, I feel a twinge of disappointment when I can't use my Notepad++ on my MacBook."
Making AI Ethical by Design: The UNESCO Perspective by Gabriela Ramos, Mariagrazia Squicciarini, Eleonora Lamm
“In a digital society, InfoSec comprehends many aspects of our day-to-day. With LLMs on the rise, major tech players are including them in their proposals. It is good to see concerted efforts from global organizations, and their takes on the evolving discussion on how to frame AI operation and figure out how to perform comprehensive threat modeling, particularly on the intangibles, are very interesting.”
Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In by The Hacker News
"The biggest obstacle for many cybersecurity teams is a lack of resources. Teams are overextended. They don't have enough people or budget to address the growing cybersecurity threats they face. They also have the problem of justifying their resources that every protection program has — if they are successful, nothing happens! This article works through the ways in which cybersecurity leaders can make the strategic importance of their efforts clear to board members. It's an effort that can pay off in more secure and resilient environments!"
Behind the Scenes: The Daily Grind of Threat Hunter by Kostas
"If you're curious about the day-to-day life of a threat hunter, look no further! This blog post explores the routine of threat hunters, uncovering common tasks and challenges they face. It breaks down the process from hypothesis creation to investigating suspicious events, highlighting the importance of research and correlation in threat hunting. Remember, everything may not be as it seems at first glance. Happy hunting!"
Unsupervised Machine Learning with Splunk: the cluster command by Alex Teixeira
“Looking to dive into machine learning-driven threat hunting using Splunk but unsure where to begin? This blog post walks through applying unsupervised machine learning techniques using Splunk's cluster command. It shares the basics of clustering algorithms that can be used to detect patterns and anomalies in your data, along with a practical example you can implement in your Splunk environment. With numerous machine learning-based commands available, Splunk offers many opportunities for exploring your own data. Happy hunting!”
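As an added illustration, and not code from the original page, from Alex Teixeira's post, or from Splunk, the Python below sketches the idea the pick describes: tokenize each event, group events whose term sets are at least `t` similar, and surface the smallest clusters as the anomalies worth a hunter's attention. The Jaccard similarity, the greedy single-pass grouping, the digit normalisation and the sshd-style sample lines are my own assumptions and simplifications; the parameter is named `t` after the cluster command's threshold option, but Splunk's real algorithm is not reproduced here.

```python
"""Added example: token-set clustering of log events in the spirit of Splunk's
`cluster` command. The algorithm is an assumed simplification, not Splunk's."""
import re

TOKEN_RE = re.compile(r"[A-Za-z0-9_./:-]+")
NUMERIC_RE = re.compile(r"[\d.:/-]+")


def tokenize(event: str) -> frozenset:
    """Split an event into a set of lower-cased terms. Purely numeric tokens
    (PIDs, ports, timestamps, IPs) collapse to one placeholder so that lines
    with the same shape but different numbers still look alike."""
    terms = set()
    for tok in TOKEN_RE.findall(event.lower()):
        terms.add("<num>" if NUMERIC_RE.fullmatch(tok) else tok)
    return frozenset(terms)


def similarity(a: frozenset, b: frozenset) -> float:
    """Jaccard similarity of two term sets: 0.0 = disjoint, 1.0 = identical."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def cluster_events(events, t: float = 0.8):
    """Greedy single-pass clustering: each event joins the first cluster whose
    representative (first member) is at least `t` similar, else starts a new one.
    Returns [(count, representative_event, members)] sorted by count ascending,
    so the rarest event shapes come first, like `cluster showcount=t | sort cluster_count`."""
    clusters = []
    for ev in events:
        terms = tokenize(ev)
        for c in clusters:
            if similarity(terms, c["terms"]) >= t:
                c["members"].append(ev)
                break
        else:
            clusters.append({"terms": terms, "rep": ev, "members": [ev]})
    return sorted(
        ((len(c["members"]), c["rep"], c["members"]) for c in clusters),
        key=lambda item: item[0],
    )


def rare_events(events, t: float = 0.8, max_count: int = 1):
    """Hunting view: every event that falls into a cluster of size <= max_count."""
    return [ev for count, _rep, members in cluster_events(events, t)
            if count <= max_count for ev in members]


# Constructed sshd-style sample data (assumption; not real logs).
SAMPLE_LOGS = [
    "Mar 24 10:01:02 host1 sshd[1201]: Accepted publickey for alice from 10.0.0.5 port 51022 ssh2",
    "Mar 24 10:01:09 host1 sshd[1207]: Accepted publickey for bob from 10.0.0.7 port 51030 ssh2",
    "Mar 24 10:03:15 host1 sshd[1290]: Failed password for root from 203.0.113.9 port 40112 ssh2",
    "Mar 24 10:02:41 host1 sshd[1233]: Accepted publickey for carol from 10.0.0.9 port 51044 ssh2",
    "Mar 24 10:03:16 host1 sshd[1291]: Failed password for root from 203.0.113.9 port 40113 ssh2",
    "Mar 24 10:03:17 host1 sshd[1292]: Failed password for root from 203.0.113.9 port 40114 ssh2",
    "Mar 24 10:04:05 host1 sshd[1299]: Accepted publickey for dave from 10.0.0.11 port 51060 ssh2",
    "Mar 24 10:05:40 host1 sshd[1310]: Accepted password for svc_backup from 198.51.100.44 port 2222 ssh2",
]

if __name__ == "__main__":
    for count, rep, _ in cluster_events(SAMPLE_LOGS, t=0.8):
        print(f"{count:>3}  {rep}")
    print("rare:", rare_events(SAMPLE_LOGS, t=0.8, max_count=1))
```

With `t=0.8` the usernames vary enough to stay within one cluster while the shape changes (publickey versus password, accepted versus failed) split clusters, so the single password-based login for `svc_backup` surfaces as a cluster of one. Lowering `t` to 0.6 folds that rare event into the bulk "Accepted" cluster, which is the same threshold sensitivity you will see when tuning the real command against your own data.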
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds by Andy Greenberg for WIRED
"There are a couple of rules to keep in mind when attending hacker conferences in Las Vegas and they include things like don’t use the public Wi-Fi, don’t use your computer at all if you can help it (okay maybe I’m paranoid), and don’t pick up and use any USBs you find lying around. Some lesser known considerations now may include the use of your hotel room door lock.
In 2022, during a hacker conference, a group of individuals were encouraged to hack hotel rooms in Las Vegas and report their findings. It turns out, one team discovered a hotel keycard hack they’re calling Unsaflok. This hack exposed a host of vulnerabilities that allowed them to open various models of Saflok-brand keycard locks that were RFID-based. This particular brand of keycard lock is installed on more than three million doors throughout the world covering 13,000 properties in more than 100 countries.
The article details the process of the exploit and subsequent techniques used as well as the information about the patching or updating of said keycard locks which, thankfully, don't necessarily require a hardware replacement. I’d strongly recommend using your deadbolt or door stop, both prior to and after reading this article."
@audrastreetman / @audrastreetman@infosec.exchange
How AI Is Helping The U.S. Unravel China’s Dangerous Hacking Operation by Eric Geller for The Cipher Brief
“It’s always interesting to learn how agencies and organizations are using artificial intelligence for network defense. In this article, Eric Geller reports on how the U.S. intelligence community is using AI to analyze vast amounts of data to spot anomalous activity, such as irregular account logins. These alerts are helping officials detect compromise by a PRC state-sponsored threat actor tracked by Microsoft as Volt Typhoon, which is believed to be pre-positioning against U.S. critical infrastructure to launch potentially disruptive and destructive cyberattacks in the event of a future conflict with China.”
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company with over 7,500 employees, more than 1,020 patents received by Splunkers to date, and availability in 21 regions around the world. It offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.