ICYMI: Episode 8 of The Security Detail features predictions from past interview guests about the future of emerging technologies like generative #AI and #quantum computing.

You can listen to the full episode here: thesecuritydetail.podbean.com/e/emerging-tec…

#cybersecurity

New —> A hacking incident in January caused a water tank in a small Texas town to overflow. A GRU-backed Telegram channel took responsibility (per Mandiant). I interviewed officials in multiple towns in north Texas on how they responded: cnn.com/2024/04/17/pol…

The Russian cyberattacks on US water, Polish water, and a French dam are complicated. We had established that CARR was being used as a front for Sandworm/APT44 (Russian GRU) prior to the incidents and that they were even involved in creating some of CARR's online presence. 1/x

Witness the evolution of #cyber threat hunting programs at #RSAC 2024. 💫

That's right - join Splunker David J. Bianco as he explores how the PEAK framework addresses lessons and experiences nearly a decade after the creation of the Sqrrl Threat Hunting Cycle. #SplunkSecurity

Vulnerability in Putty:

'attacker in possession of a few dozen signed messages and the public key has enough information to recover the private key'

* Revoke keys immediately including public in authorized_keys
* Generate a new key pair and replace

chiark.greenend.org.uk/~sgtatham/putt…

#BREAKING 'We are prepared to use a weapon that we have never used,' the spokesman for the Iranian Parliament's National Security Committee Abolfazl Amouei said Monday night, urging Israel to 'act wisely'.

Dare we say that the latest episode of The Security Detail podcast might be one of our favorites. 👀

#ICYMI , the #SplunkSecurity team rounded up emerging #tech predictions from past guests. And yep, they cover everything from #AI to quantum computing: splk.it/4cRPPav

From individual scams to large-scale manipulations, #deepfakes are becoming a serious concern for businesses.

Splunk's Audra Streetman sheds light in an article for Silicon UK.

Read more: splk.it/3Jh2iqy

#Cybersecurity

BREAKING: President Biden says attack launched from Iran and Yemen, Syria, Iraq proxies; targeted 'military facilities'; credits US aircraft, destroyers: 'Thanks to these deployments and extraordinary skill of servicemembers, we helped Israel take down nearly all of drones and missiles”

A senior #Israel official just told Israeli TV (Channel 12) that an 'unprecedented retaliation' against #Iran has been authorized in response to tonight's aerial assault.

NEW -- #Iran just launched a new wave of 70 ballistic & cruise missiles towards #Israel .

Per U.S. official, speaking to ABC News.

'Israel has successfully intercepted 99% of the Iranian response,' Yedioth Ahronoth reported, citing Israeli security sources.

Iranian Foreign Ministry statement: Tehran will not hesitate to take further defensive measures to safeguard its legitimate interests against any military aggressions - Reuters

Our team at Volexity has identified a new 0day exploited in the wild. This time we caught a threat actor using an unauthenticated RCE in Palo Alto Networks GlobalProtect. It has been assigned CVE-2024-3400 and is covered in this Palo Alto Networks advisory security.paloaltonetworks.com/CVE-2024-3400

STRONG RECOMMENDATION -
If you are a CISO and you have a 3rd party (Automation, AI, Analytics) that uses Sisense or you SUSPECT uses Sisense INSIST on an impact statement NOW.
I can 100% guarantee there are a lot of you with impact.

Your data was accessed by a threat actor.

Sisense has released specific instructions to its customers.

On the one hand it’s easy to be mad at this situation, the plaintext storage of credentials and the insecure storage of data at rest.

On the other had I want to give them props for reaching this point in under 24…

This'll be my first time on the RSA stage, so come heckle, or just hang out and learn about my biggest threat hunting mistakes!

The nature of sisense is they require access to their customers confidential data sources. They have direct access to JDBC connections, to SSH, and to SaaS platforms like Salesforce and many more. It also means they have tokens, credentials, certificates often upscoped. 1/2

NEW: CISA has confirmed that Russian government hackers stole emails from several U.S. federal agencies as a result of an ongoing cyberattack at Microsoft.

CISA said the latest theft presents 'a grave and unacceptable risk' to U.S. federal agencies.

techcrunch.com/2024/04/11/us-…

⚠️ We are collaborating with partners to respond to a recent compromise—discovered by independent security researchers—impacting Sisense. For more info, check out: cisa.gov/news-events/al…