Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm

July 19, 2024 at 11:06AM
SonicWall warns that a recently patched Splunk Enterprise vulnerability, CVE-2024-36991, is more severe than initially considered. The vulnerability, with a CVSS score of 7.5, allows for path traversal on the /modules/messaging/ endpoint, potentially granting access to sensitive files. SonicWall urges users to update or disable Splunk Web to mitigate the …

High-Severity Vulnerability Patched in Splunk Enterprise

January 23, 2024 at 09:12AM
Splunk announced patches for multiple vulnerabilities, including a high-severity bug (CVE-2024-23678) affecting Splunk Enterprise on Windows, allowing unsafe deserialization leading to potential denial of service, application logic abuse, or code execution. Other medium-severity vulnerabilities and flaws in third-party packages were also resolved in versions 9.0.8 and 9.1.3. Splunk recommends upgrading …

In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit

November 17, 2023 at 11:15AM
SecurityWeek’s weekly roundup highlights several cybersecurity stories. The world-renowned law firm Allen & Overy experienced a data breach by the LockBit ransomware group. The largest bank in China, Industrial and Commercial Bank of China, allegedly paid a ransom to the LockBit gang. Europol aided in the takedown of a vishing …

Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals

October 11, 2023 at 02:52PM
The third quarter of 2023 saw significant M&A activity in the cybersecurity industry, with Cisco’s $28 billion acquisition of Splunk leading the way. Other major players, including CrowdStrike and Check Point, also made strategic purchases to expand their offerings. Venture funding in the sector picked up after a slow start …