Hello, everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of presentations, whitepapers, and customer case studies that we feel are worth a read.
Check out our previous staff security picks, and we hope you enjoy.
"In partnership with Splunk, CCDCOE started the 2022 Crossed Swords exercise. This exercise brings together around 120 participants from 24 countries, both from NATO and non-NATO countries and is being conducted at the exercise and training centre CR14 in Tallinn, Estonia."
"This thread from Sam Curry is a great breakdown of the investigation by him and his team into vulnerabilities affecting various car manufacturers. Without going into any spoilers, the investigation involved a company you might not realize provides vehicle telematics. The thread details the OSINT techniques used to confirm the vulnerability, which allowed the researchers to remotely unlock, start, and locate several remotely connected vehicles knowing only the VIN number. It's a fun thread looking into car security."
Playing Cat and Mouse with the Attacker: Frequent Item Set Mining in the Registry by Maeve Mulholland, Tim Nary, and Fred Frey at SnapAttack
"This month I've been catching up on the great content from CAMLIS. In this talk, Maeve Mulholland from SnapAttack describes a method of 'Item Set Mining' to identify unique clusters of registry keys that are tied to an attacker's persistence mechanism. I really like the way this talk acknowledges the difficulty in security data science of capturing the true level of variance an attacker has in how they implement each step of an attack. This methodology seems promising as a means for uncovering more behavioral detection possibilities!"
"Building a great hypothesis for threat hunting can be difficult. Scope creep is common and ensuring relevancy to your environment is critical. While there are lots of aspects to consider, at the heart of it you need a few key elements. This blog by Lauren Proehl breaks it down in a clear way by using hypothesis diagramming to build strong hypotheses for your threat hunts. Happy hunting!"
"First off, this is a WIRED Backchannel article written in 1997. But reading this feels very akin to what we're going through with the mass-migration from Twitter to Mastodon. It's a very long read, but I think sometimes we need to spend the time digesting pieces like these to actually gain something meaningful from them."
Lack of Cybersecurity Expertise Poses Threat for Public-Safety Orgs by Robert Lemos for Dark Reading
"Police and emergency responders are among the most vulnerable to cyberattacks, such as ransomware and data leaks. But they handle the most sensitive data, and literally have our lives in their hands. This article covers some of the reasons why. This is a problem that must be addressed."
"In a win for privacy advocates, Apple announced it is expanding end-to-end encryption to include iCloud with an optional feature called Advanced Data Protection. The move was met with criticism by the FBI, which would no longer be able to access end-to-end encrypted iCloud data with a warrant. Users who opt in to the feature will need to choose a data-recovery method, since Apple will be restricted in its ability to restore lost data. It's worth noting that, according to this report, Apple Mail, Contacts and Calendar won't qualify for Advanced Data Protection because they use older technology protocols. I'm also excited to see that Apple users will soon be able to log in to their accounts using hardware-based security keys, like the YubiKey."