Operations | Monitoring | ITSM | DevOps | Cloud

The latest News and Information on CyberSecurity for Applications, Services and Infrastructure, and related technologies.

Pandora FMS vulnerability, feature or just a bad configuration?

We recently received a notification from a concerned user, because he had found a “vulnerability” in Pandora FMS. Besides, not just any vulnerability but one that seemed to give root access to the system. Next, this user called k4m1ll0 wrote a post in Medium warning the community about this vulnerability. If you want to read the original post, click here.

Support ending for TLS 1.0/1.1 and unencrypted HTTP traffic to Elasticsearch Service on Elastic Cloud

Starting April 21, 2020, all requests to Elasticsearch Service on Elastic Cloud must use HTTP over TLS (HTTPS) with support for TLS 1.2. We’ve decided to make this change in the best interest of our users so we can ensure the security of data in transit and stay up to date with modern encryption, security protocols, and practices.

Too Many Security Alerts, Not Enough Time: Automation to the Rescue

It’s 2020, which means it’s time to look back at 2019 and reminisce about the good times – fun with family and friends, good food, travel, and memories to last a lifetime. Who am I kidding? Everyone remembers the bad stuff. The increasing impacts of climate change; relentless fires in the Amazon, California, and Australia; political and social unrest around the globe; and the last season of Game of Thrones. Jon Snow... you still know nothing.

Q&A Follow-Up: How Datev uses MITRE ATT&CK & Splunk in its SOC

Hey Everyone, We recently did a webinar with Christian Heger, technical head of the DATEV SOC, as well as Sebastian Schmerl, head of cyber defense of Computacenter. They shared their 6-month path of modernizing their security operations with help of Splunk technology and the MITRE ATT&CK framework. As we weren’t able to address all of the questions during the webinar, we discussed these afterwards and share them in this blog post as a Q&A follow-up.

13 Security Alerts and Visualizations for VPC Flow Logs

AWS VPC Flow Logs record details about the traffic passing through your application, including requests that were allowed or denied according to your ACL (access control list) rules. It also has information about the IP addresses, and ports for each request, the number of packets, bytes sent, and timestamps for each request. This information brings deep visibility and the ability to improve your security posture over time.

How Data Analytics Support the CDM Program

Continuing Diagnostics and Mitigation (CDM) is a program of the Department of Homeland Security designed to enhance cybersecurity across the Federal government. By deploying a standardized stack of pre-approved security tools, CDM ensures that small and large agencies alike can protect their networks from common threats.

Manage the new Edge with Browser Security Plus

Not long ago, Microsoft announced the upcoming launch of its all-new version of the Edge browser that’s built on Chromium. The launch date for the new Chromium-based Edge browser, January 15, 2020, is almost here, and we on the Browser Security Plus team are ready to provide Edge browser management support for all versions. How can Browser Security Plus manage the new Edge?

2019 Magecart Timeline

We break down the timeline of the number one threat to ecommerce sites today – Magecart! This timeline includes all the significant Magecart attacks in 2019. With 4,800 formjacking attacks each month alone, this timeline only represents a small proportion of attacks reported in the public domain in 2019. Detect Web-skimming, Formjacking, and Supply Chain attacks before a Data Breach occurs with Magecart detection.

Elastic SIEM for home and small business: Beats on CentOS

Hey, there. This is part five of the Elastic SIEM for home and small business blog series. If you haven’t read the first, second, and third blogs, you may want to before going any further. In the Getting started blog, we created our Elasticsearch Service deployment and started collecting data from one of our computers using Winlogbeat. In the Securing cluster access blog, we secured access to our cluster by restricting privileges for users and Beats.

Weekly and Monthly Alert Insights

SRE and Security teams rely heavily on alerts to know whether their systems are experiencing issues and to prevent any future outages. At LogDNA, customers can set alerts that trigger when specific logs match (presence alerts) or set an alert to go off if there are expected lines that haven’t come through (absence alerts). These alerts can be set up with various channels so you can be alerted in the product of your choice (Slack, Email, PagerDuty, etc).