Latest Articles

Detecting Trickbot with Splunk
The Splunk Threat Research Team has assessed several samples of Trickbot, a popular crimeware carrier that allows malicious actors to deliver multiple types of payloads. Use our pre-built Splunk detections to detect Trickbot.

API 2.0: TruSTAR Operationalizes Data Orchestration and Normalization for a New Era in Intelligence Management
TruSTAR announces new features making intelligence more actionable by simplifying intelligence ingestion, automating data flows and better informing SIEM, SOAR and Vulnerability Management programs.

Data Exfiltration Detections: Threat Research Release, June 2021
Check out detections from the Splunk Threat Research team to detect data exfiltration – also known as data extrusion, data exportation, and data theft – in your environment.

Five Questions Your Organization Must Ask to Prepare For a Ransomware Attack
What questions should organizations be asking themselves and what steps should they take to prevent or mitigate the next ransomware threat? Splunk's Yassir Abousselham has put together a quick set of questions we’re asking at Splunk that can help you.

What's New with Splunk Enterprise Security 6.6?
Learn about the latest and greatest features of Splunk Enterprise Security 6.6.

I Scream, You Scream, We All Scream For BOTS!
We are excited to announce our August Boss of the SOC (BOTS) V event! What’s new in BOTS V? I’m glad you asked. This year, we find our favorite brewery, Frothly, converting to a remote model and embracing the cloud for ‘all the things’.

Ransomware Groundhog Day: Elevating Your Program in a High-Threat Environment
REvil attackers exploited Kaseya, a highly trusted management software. Here's how security leaders can take actionable steps to improve their business's defenses.

REvil Ransomware Threat Research Update and Detections
On July 2, 2021, the REvil group used Kaseya to distribute malware to its on-premises customers. Splunk has pushed out guidance to help understand and detect REvil. Learn more about the REvil ransomware group, their tactics, and how to detect them using Splunk.

Kaseya, Sera. What REvil Shall Encrypt, Shall Encrypt
Kaseya VSA, remote monitoring and management (RMM) software heavily used by managed service providers (MSPs), was compromised by REvil and is being used to distribute ransomware to its on-premises customers. Find out more on how to detect REvil in your environment.