Hello everyone! Welcome to the Splunk staff picks blog. Each month, Splunk security experts curate a list of news articles, research, white papers, and customer case studies that we feel are worth a read. To check out our previous staff security picks, take a peek here. We hope you enjoy!
"Coveware regularly deals with ransomware groups and is well equipped to provide insight on the evolution of RaaS Tactics, Techniques, and Procedures (TTPs). This is more of a recap -- and doesn't cover how some groups hire folks with red team skills to secure big scores - but it was a helpful refresher for me, since so much has been happening in the past few years."
"Excellent post going through Zero Trust and how it is being applied at Google and how it is pretty much impossible to deploy a fully Zero Trust architecture outside of the lab. Anybody claiming otherwise is wrong."
"QR codes, amirite? That scan/autoclick kerfuffle spurred a conversation about the dangers posed by hyperlinks in 2022. When Bob Lord asked this question of the twittervoid, Dylan Ayrey posted a fantastic video response. The whiteboard is a perfect touch. One of the risks he covers is Cross-Origin Resource Sharing (CORS) - something most orgs likely haven’t considered in their threat models, and his detailed explanation here is succinct and digestible. Please watch part 2, imo most security incidents begin with this vector. Be sure to check out the talk with Christian Frichot from BSidesSF that covers this topic and much more."
"Asaf has written two articles that are top of mind for anyone responsible for CI/CD pipeline. I chose the Exploiting/Securing Jenkins article because it's near to my experience. I've been to many development shops where Jenkins was put into place with the default configuration, leading to potential hijinx. Thankfully, Asaf has written about a couple ways to secure Jenkins. Also luckily, there's a product out there that will monitor your build platform for you."
“Reporters with the German public broadcasters BR and WDR released their findings from an OSINT-based investigation into the APT group known as Snake, Turla, or Uroburos. Since at least 2004, security researchers say Snake has targeted government networks for cyberespionage using clever attack vectors and delivery methods such as Satellite internet. The reporters pieced together clues to uncover the likely malware authors, using online forum usernames, social media accounts, and personal websites. The information pointed to two men who once worked for a company that, at the time, belonged to the Russian secret service FSB. I highly recommend reading through the full investigation, which is displayed online in an interactive format."