Security - TSP

Insight into Security Vulnerabilities in JetBrains TeamCity: CVE-2024-27198 and CVE-2024-27199

By TSP March 26, 2024

Two critical vulnerabilities have been exposed in JetBrains TeamCity On-Premises versions up to 2023.11.3. Identified by Rapid7’s vulnerability research team in February 2024, CVE-2024-27198 and CVE-2024-27199 pose a significant threat, enabling unauthenticated attackers to potentially gain administrative control or execute code remotely on affected TeamCity servers. CVE-2024-27198, categorized under CWE-288, highlights an authentication bypass vulnerability […]

Discovering fresh malevolence: Identifying new domains using Splunk

By TSP March 26, 2024

In this installment of Hunting with Splunk we’re showing you how to detect suspicious and potentially malicious network traffic to “new” domains. First, let’s delve into what we mean by “new” domains and why you should make a habit of detecting this activity in the first place. (Part of our Threat Hunting with Splunk series, […]

Examining SnakeKeylogger’s Loader and its Tactics, Techniques, and Procedures

By TSP March 26, 2024

Snake Keylogger is a Trojan Stealer that emerged as a significant threat in November 2020, showcasing a fusion of credential theft and keylogging functionalities. Developed using .NET, its arsenal includes keystroke logging, harvesting stored credentials, and capturing screenshots. Moreover, it exhibits adeptness in gathering clipboard data, browser credentials, and conducting system and network reconnaissance. This […]

Latest Security Content Roundups by the Splunk Threat Research Team (STRT)

By TSP March 25, 2024

The Splunk Threat Research Team (STRT) continuously monitors the threat landscape to develop, test, and deliver custom detection searches to help identify vulnerabilities and cyber attacks within your environment. All detections relevant to a particular threat are packaged in the form of analytic stories (also known as use cases) and housed on the Splunk Security […]

Q4 Roundup of Splunk Security Content for Threat Detection & Response

By TSP March 25, 2024March 25, 2024

Looking for the latest Splunk security content? You’ve come to the right place! This page is updated quarterly with all the latest security content details. This blog post covers all the security content developed November 2023 – January 2024. Jump straight to the updates below, or read on to learn more about: How Splunk develops […]

Improving SIEM Events by Incorporating Automated URL Threat Analysis

By TSP March 25, 2024March 25, 2024

The Splunk team released the Splunk Add-on for Splunk Attack Analyzer and Splunk App for Splunk Attack Analyzer version 1.1. These apps strengthen the unified security operations experience, and this release allows users to bring automated threat analysis verdicts of URLs into Splunk Enterprise Security (ES) notable events to provide enhanced security measures for SOC […]

Insight into Security Vulnerabilities in JetBrains TeamCity: CVE-2024-27198 and CVE-2024-27199

Insight into Security Vulnerabilities in JetBrains TeamCity: CVE-2024-27198 and CVE-2024-27199

Discovering fresh malevolence: Identifying new domains using Splunk

Examining SnakeKeylogger’s Loader and its Tactics, Techniques, and Procedures

Latest Security Content Roundups by the Splunk Threat Research Team (STRT)

Q4 Roundup of Splunk Security Content for Threat Detection & Response

Improving SIEM Events by Incorporating Automated URL Threat Analysis

Subscribe Our Newsletter

Services

Use Cases

Opportunities

Resources

Support

Get in Touch

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC