Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Enabling You to Get the Best from AWS: Introducing the New Calico AWS Expert Certification

Calico is the industry standard for Kubernetes networking and security. It offers a proven platform for your workloads across a huge range of environments, including cloud, hybrid, and on-premises. Given this incredibly wide support, why did we decide to create a course specifically about AWS?

Wall Street Journal Predicts Dire Cybersecurity Days Ahead, Endorses Zero Trust

Let’s be honest for a second. This is a corporate blog. Yes, we aim to provide our readers with actionable, educational information. And, yes, we strive for complete transparency. But, at the end of the day, we understand if you’re skeptical of some of what’s written here. We’re a business, not a news publication, and it’s impossible for us to be completely unbiased all the time.

Detecting Password Spraying Attacks: Threat Research Release May 2021

The Splunk Threat Research team recently developed a new analytic story to help security operations center (SOC) analysts detect adversaries executing password spraying attacks against Active Directory environments. In this blog, we’ll walk you through this analytic story, demonstrate how we can simulate these attacks using PurpleSharp, collect and analyze the Windows event logs, and highlight a few detections from the May 2021 releases.

Digital Data Loggers vs. Chart Recorders. When To Upgrade

A digital data logger is an electronic device that measures and records various environmental conditions. These conditions can be temperature, humidity, pressure, voltage, or current. Measuring them is essential in many industries where compliance regulations exist. A chart recorder is essentially an old-school version of the digital data logger. Instead of using a microprocessor for storage, a chart recorder marks the measurements on a paper chart that shows variations in the values recorded at a glance. In this article, we will take a closer look at each and compare the two.

SolarWinds and the Secure Software Supply Chain

In early 2020, threat actors breached the build systems of Solarwinds and used this access to add malicious code into one of SolarWinds products. The product, called “Orion”, is very widely used and deployed by tens of thousands of companies, including many Fortune 500 companies.

Automated Falco rule tuning

We recently released the automated Falco rule tuning feature in Sysdig Secure. Out-of-the-box security rules are a double-edged sword. On one side, they allow you to get started right away. On the other, it can take many working hours to learn the technology, configuration, and syntax to be able to customize the rules to fit your applications. Falco’s default security rules are no different.

CVE-2021-31440: Kubernetes container escape using eBPF

In a recent post by ZDI, researchers found an out-of-bounds access flaw (CVE-2021-31440) in the Linux kernel’s (5.11.15) implementation of the eBPF code verifier: an incorrect register bounds calculation occurs while checking unsigned 32-bit instructions in an eBPF program. The flaw can be leveraged to escalate privileges and execute arbitrary code in the context of the kernel.

Can They Really See That Data? Auditing Access Controls Across Environments

"Who has access to sensitive financial data in our organization?" Assuming you have a definition of what "sensitive financial data" means for your organization, can you easily answer this question? If you needed to perform an audit to verify only the appropriate people have access, what actions would you take?

How South Dakota Bureau of Information and Telecommunications deploys Elastic to secure endpoints

The South Dakota Bureau of Information and Telecommunications (BIT) provides quality customer services and partnerships to ensure South Dakota’s IT organization is responsive, reliable, and well-aligned to support the state government’s business needs. The BIT believes that “People should be online, not waiting in line.” The bureau’s goals for the state's 885,000 residents include.

ProblemChild: Generate alerts to detect living-off-the-land attacks

In an earlier blog post, we spoke about building your own ProblemChild framework from scratch in the Elastic Stack to detect living off the land (LOtL) activity. As promised, we have now also released a fully trained detection model, anomaly detection configurations, and detection rules that you can use to get ProblemChild up and running in your environment in a matter of minutes.