-
Navigate the Executive Order 14028 Era of Software Security
May 12, 2021 was a pivotal moment in cybersecurity history. The White House published Executive Order 14028 (EO 14028), a landmark document with an aggressive stance designed to advance the cybersecurity conversation. While the document focuses on US federal government agencies and the companies that supply them, it’s a useful reference for those around the…
-
Thoughts on Executive Order 14028: Attestation and Software Security
For the last few weeks, SAFECode has been discussing a number of government initiatives related to software security assurance. This is the first of several blogs that we will be publishing to share our perspective and recommendations for approaches that will help governments and other organizations gain confidence in the software that they acquire and…
-
Security Capabilities to Support Code Integrity
By Kelly FitzGerald, Raytheon Technologies; Altaz Valani, Security Compass; Elena Kravchenko, Imperva; Matthew Lyon, Dell Technologies; Ashwini Siddhi, Dell Technologies. Introduction: In our previous blog posts, we defined the code integrity problem statement and the basic principles of code integrity. As our series continues, we will define a framework of layered security capabilities to support…
-
Oracle Joins SAFECode; Raytheon Accepts Board Seat
Members Work Together to Improve and Promote Effective Software Security Practices. WAKEFIELD, MA. – July 28, 2022 – The Software Assurance Forum for Excellence in Code (SAFECode) recently welcomed Oracle as an associate member and elevated Raytheon Technologies to a seat on the SAFECode Board of Directors as a charter member. Along with Oracle, other recent new…
-
Elasticsearch: Cluster Status is RED
It happens very rarely, but sometimes your cluster gets red status. Red status means that not only has the primary shard been lost but also that the replica has not been upgraded to primary in its place. However, as in the case of yellow status, you should not panic and start firing commands without finding…
-
Search and Replace Text in SPL Fields with rex
Sometimes when working with fields in SPL, it can be useful to search for and replace parts of text found in the field. Some reasons for doing this might be:
– removing white space to reduce the size of the field
– replacing field separators with characters that look nicer
– rearranging values in a field in an…
-
CVE-2024-49112 Detection: Zero-Click PoC Exploit for a Critical LDAP RCE Vulnerability Can Crush Unpatched Windows Servers
In 2024, vulnerability exploitation accounted for 14% of breach entry points, marking a nearly threefold increase from the previous year—a trend that could persist into 2025. At the turn of January 2025, defenders released the first PoC exploit that can crash unpatched Windows Servers by leveraging a critical RCE vulnerability in the Windows Lightweight Directory…
-
rare Command in Splunk
The rare command in Splunk helps you find the least common values in a specific field of your data. This is useful for spotting unusual or infrequent events. By default, the rare command in Splunk returns the 10 least common values for a specified field. Find Rare User Agents: To identify the least common user agents in your web…
-
coalesce Function in Splunk
The Splunk coalesce function returns the first non-null value among its arguments. It’s useful for normalizing data from different sources with varying field names. For example, to unify multiple source IP fields into a single src_ip field:
| eval src_ip = coalesce(src_ip, sourceip, source_ip, sip, ip)
The post coalesce Function in Splunk appeared first on SOC Prime.
-
Strela Stealer Attack Detection: New Malware Variant Now Targets Ukraine Alongside Spain, Italy, and Germany
Security experts have uncovered a novel Strela Stealer campaign, which leverages a new iteration of email credential-stealing malware. In this campaign, the updated malware version is enriched with enhanced functionality and is now capable of gathering system configuration data via the “system info” utility. Moreover, Strela Stealer expanded its targets beyond Spain, Italy, and Germany…