Collaborate Disseminate
Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told the… Continue reading Microsoft lost some customers’ cloud security logs
The JPCERT Coordination Center – the first Computer Security Incident Response Team established in Japan – has compiled a list of entries in Windows event logs that could help enterprise defenders respond to human-operated ransomware attack… Continue reading Use Windows event logs for ransomware investigations, JPCERT/CC advises
In our organization, we use a GCP setup with Kubernetes. We generate tons of firewall logs as we provide a digital service that generates a high volume of requests from our users. Storing all these logs is quite costly, especially when you… Continue reading Logging Strategy (high costs for storing all logs)
I am working on a data processing task in an enterprise environment with Python3 installed on a client-side Windows Jump server.
The data, which I need to download regularly from a third-party provider, is accessed via a REST API.
The busi… Continue reading Log REST API calls in the most auditable way
A few weeks ago we had a single user’s browser start hitting the server with a peculiar request (IP redacted for their privacy):
1.1.1.1 – – [21/May/2024:07:42:31 +0000] "POST /3kFtdvOkagEQbIxH HTTP/1.1" 404 5124 "https://ww… Continue reading Odd repetitive 16character 404 web requests, with json "RefreshTTL" payload
Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code executi… Continue reading Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)
An application is logging wrong OTPs (but not correct OTPs). I asked the application developers to not log wrong OTPs because I do not see any benefits. However, they do not want to modify the application code, and are asking me (I have no… Continue reading What security risks do you see with wrong OTPs appearing in application logs?
Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditio… Continue reading New covert SharePoint data exfiltration techniques revealed
After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit – regardless of license tier. “This change wi… Continue reading Microsoft begins broadening free cloud logging capabilities
A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for enterprise defenders. Discovered by a security researcher named Florian and reported… Continue reading A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs