Security Blogs
Latest Articles
Detecting Remcos Tool Used by FIN7 with Splunk
The following is a walkthrough of Remcos executed via Attack Range Local. We will go over some of the many intrusive operations this remote access tool can perform on compromised hosts.

FIN7 Tools Resurface in the Field – Splinter or Copycat?
The Splunk Threat Research team addresses the two tools used by the well-organized and highly-skilled criminal group FIN7 — JSS Loader and Remcos.

Play Now with BOTS Partner Experiences: Corelight
With the official launch of bots.splunk.com, we're pleased to announce Partner Experiences – capture the flag (CTF) on-demand challenges, built by a Splunk technology partner, running in Splunk, hosted on the BOTS platform and available for free.

Detecting IcedID... Could It Be A Trickbot Copycat?
IcedID is a trojan that has been used in recent malicious campaigns and with new defense bypass methods.

CISA’s Known Exploited Vulnerabilities Catalog and Splunk
Accompanying today’s announcement from CISA (BOD 22-01) and their new Known Exploited Vulnerabilities Catalog, SURGe and Splunk Threat Research Team (STRT) have coordinated to add functionality into Enterprise Security Content Updates (ESCU). This added functionality will help network defenders understand vulnerability context alongside relevant ESCU detections.

Staff Picks for Splunk Security Reading October 2021
Hi everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, white papers, and customer case studies that we feel are worth a read. This month we decided to switch things up and include some of our favorite .conf21 presentations. We hope you enjoy.

Splunk Partners with Singapore To Help Companies Enhance Cybersecurity
Raen Lim, Group Vice President, South Asia & Korea, shares how Splunk partners with the Singapore government to help the nation's small and medium-sized enterprises take a proactive stance toward addressing cyber threats.

Lift Your Spirits With Splunk SOAR
Halloween is just around the corner and we’re looking forward to trick-or-treating, donning our best costumes, and watching [scary] movies. Read on to learn how a few of our favorite Halloween movies remind us of our most recent Splunk SOAR updates.

High(er) Fidelity Software Supply Chain Attack Detection
Software supply chain attacks are not going away. As our network defenses improve, adversaries must move up the chain to stay a step ahead of our defenses.