< ciso
brief />
Tag Banner

All news with #splunk tag

8 articles

Weekly Recap: Browser Bugs, EDR Killers, FortiBleed

📰 This week’s recap highlights recurring attack patterns: abused integrations, poisoned websites, fake tools, and ransomware groups disabling security products. Notable incidents include the large-scale FortiBleed campaign compromising FortiGate devices, the Gentlemen RaaS developing the GentleKiller EDR-killing suite, and active exploitation of a critical Splunk flaw. Mobile and crypto-related malware campaigns also featured prominently.
read more →

CISA warns: Patch critical Splunk Enterprise flaw by Sunday

🔒 The U.S. CISA has ordered federal agencies to patch a critical Splunk Enterprise vulnerability (CVE-2026-20253) by Sunday after evidence of active exploitation. The flaw impacts Splunk Enterprise versions 10.2.0–10.2.3 and 10.0.0–10.0.6 and allows unauthenticated attackers to create or truncate arbitrary files via a PostgreSQL sidecar service endpoint. Splunk released patches and mitigation guidance, and Shadowserver has identified over 1,400 Internet-exposed Splunk instances that may be at risk.
read more →

Critical Splunk Enterprise Postgres Sidecar Flaw Fixed

🛡️ Splunk released security updates to remediate a critical unauthenticated file operation and remote code execution vulnerability (CVE-2026-20253, CVSS 9.8) affecting certain Splunk Enterprise versions. The flaw stemmed from an unauthenticated PostgreSQL sidecar service endpoint that allowed creation or truncation of arbitrary files. Splunk fixed the issue in 10.0.7 and 10.2.4; Splunk Cloud is not affected because it does not use Postgres sidecars. Users are urged to apply the updates promptly to mitigate exploitation risk.
read more →

Can AI Solve SIEM Rule Sprawl Across Multiple Vendors

🤖 Enterprises migrating between SIEM platforms face repetitive, error-prone rule rewrites because vendors like Splunk, Microsoft Sentinel, IBM QRadar, and Google Chronicle use distinct query languages and data models. Researchers from the National University of Singapore propose ARuleCon, an AI-assisted framework that translates rules while preserving detection intent. In tests on nearly 1,500 conversions it improved accuracy about 10–15% over baseline LLM approaches. Practitioners caution that deterministic engineering, robust validation, and human oversight remain essential to avoid semantic drift and operational risk.
read more →

Technical Walkthrough: AWS Security Hub Extended, Multicloud

🔒 AWS Security Hub Extended consolidates AWS and curated partner security services into a unified, pay-as-you-go offering for multicloud full-stack protection. It centralizes procurement, billing, and operations across endpoint, identity, email, network, data, browser, cloud, and AI protections while integrating findings in OCSF format. Customers can onboard via the AWS Console, assign delegated administrator accounts for centralized management, and route normalized findings to tools such as Splunk and 7AI for coordinated response.
read more →

2025 Threat Trends: Talos and Splunk Double-Header

🔍 In this episode of Talos Takes, Amy is joined by William Largent (Cisco Talos) and Lou Stella (Splunk) for a double-header review of the newly released Cisco Talos 2025 Year in Review and the Splunk Top 50 Cybersecurity Threats. The conversation draws on Cisco telemetry, Talos original research, and Talos Incident Response engagements to move beyond headlines and identify actionable trends. Highlights include the professionalization of ransomware-as-a-service, the persistent exploitation of decade-old vulnerabilities, and practical guidance to help defenders prioritize mitigations and shrink their attack surface for the year ahead.
read more →

SIEM Buyer’s Guide: Selecting Effective Security Tools

🔒 This guide helps security teams evaluate and select a Security Information and Event Management (SIEM) solution by outlining key selection criteria and practical trade-offs. It covers operational models (SaaS vs on-premises), analytics and AI/ML capabilities, log collection and parsing, alerting and role-based access, compliance requirements and ecosystem integrations. The guide also discusses pricing models and highlights vendors such as Splunk, Microsoft Sentinel and IBM QRadar to help start vendor research and pilot selection.
read more →

Where CISOs Should See Splunk Go Next: AI & Resilience

🔍 At .Conf in Boston, Splunk and parent company Cisco positioned machine data as central to next‑generation AI incident response, arguing telemetry represents roughly 55% of global data growth. They stressed tighter integration of security and observability, a federated data model with new support for Snowflake, and standards work such as OpenTelemetry and the Open Cybersecurity Framework (OCSF). Splunk also previewed enhanced security operations capabilities — a premier Enterprise Security bundle, Detection Studio, and agentic AI features — while acknowledging customer concerns about costs, legacy positioning, and support.
read more →