Detecting Password Spraying Attacks: Threat Research Release May 2021

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.

pandora fms

Google Authenticator and Pandora FMS, defend yourself from cyberattacks

For a long time, the Internet has been an easily accessible place for most people around the world, full of information, fun, and in general, it is an almost indispensable tool for most companies, if not all, and very useful in many other areas, such as education, administration, etc. But, since evil is a latent quality in the human being, this useful tool has also become a double-edged sword.


Cybersecurity Executive Order Summary: What It Means and How to Get Your Software Ready

Earlier this month, an executive order was issued from the White House aimed at improving the cybersecurity of the United States. This much-anticipated order comes on the heels of widely publicized digital attacks, such as Colonial Pipeline and SolarWinds, which illustrate the current state of cybersecurity standards in the software industry.

Types of Cryptography Attacks

Cryptography is an essential act of hiding information in transit to ensure that only the receiver can view it. IT experts achieve this by encoding information before sending out and decoding it on the receiver's end. Using an algorithm, IT experts can encrypt information using either symmetric or asymmetric encryption. However, like any other computer system, attackers can launch attacks on cryptosystems.

New Executive Order Forces Federal Agencies to Rethink Log Management

Last week President Biden issued a widely publicized executive order to improve cybersecurity and protect federal government networks. The order comes in the wake of several prominent attacks against public-sector and private-sector infrastructure in recent months including last week’s Colonial Pipeline ransomware attack that disrupted fuel supplies and triggered gasoline shortages in the Southeast.

Keep OSS supply chain attacks off the menu: Tidelift catalogs + JFrog serve known-good components

How does your organization keep track of all of the open source components being used to develop applications and ensure they are secure and properly maintained? Our recent survey data shows that the larger an organization gets, the less confident they are in in their open source management practices. In companies over 10,000 employees, 39% are not very or not at all confident their open source components are secure, up to date, and well maintained.

ProblemChild: Detecting living-off-the-land attacks using the Elastic Stack

When it comes to malware attacks, one of the more common techniques is “living off the land” (LOtL). Utilizing standard tools or features that already exist in the target environment allows these attacks to blend into the environment and avoid detection. While these techniques can appear normal in isolation, they start looking suspicious when observed in the parent-child context. This is where the ProblemChild framework can help.


Recent Pipeline Attack Highlights Our Vulnerable Infrastructure

On Thursday, May 6, Colonial Pipeline, which operates a pipeline that delivers gasoline and jet fuel to nearly 45 percent of the U.S. East Coast, fell victim to a ransomware attack. The attack took over 100 gigabytes of data hostage, causing the company to halt all pipeline operations and shut down several of its systems. The attackers, identified as a criminal gang known as DarkSide, threatened to leak proprietary information unless a ransom is paid.


Preventing SQL injection attacks with automated testing

SQL injection is one of the most destructive ways an application can be attacked. This kind of attack is targeted toward the application database, which can result in consequences that are irreversible, lead to loss of money, and reduce user trust in your company. There are far too many application data breaches happening every day, usually when a malicious agent attacks the database.