Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities

October 15, 2024 at 08:56AM Splunk has issued patches for several vulnerabilities in Splunk Enterprise, addressing two high-severity remote code execution flaws. This update aims to enhance security and mitigate risks associated with these vulnerabilities. The announcement was reported by SecurityWeek. **Meeting Takeaways:** 1. **Patch Release**: Splunk has released patches addressing multiple vulnerabilities in Splunk … Read more

Recent Splunk Enterprise Vulnerability Easy to Exploit: Security Firm

July 19, 2024 at 11:06AM SonicWall warns that a recently patched Splunk Enterprise vulnerability, CVE-2024-36991, is more severe than initially considered. The vulnerability, with a CVSS score of 7.5, allows for path traversal on the /modules/messaging/ endpoint, potentially granting access to sensitive files. SonicWall urges users to update or disable Splunk Web to mitigate the … Read more

High-Severity Vulnerability Patched in Splunk Enterprise

January 23, 2024 at 09:12AM Splunk announced patches for multiple vulnerabilities, including a high-severity bug (CVE-2024-23678) affecting Splunk Enterprise on Windows, allowing unsafe deserialization leading to potential denial of service, application logic abuse, or code execution. Other medium-severity vulnerabilities and flaws in third-party packages were also resolved in versions 9.0.8 and 9.1.3. Splunk recommends upgrading … Read more

In Other News: Major Law Firm Hacked, Chinese Bank Pays Ransom, PyPI Security Audit

November 17, 2023 at 11:15AM SecurityWeek’s weekly roundup highlights several cybersecurity stories. The world-renowned law firm Allen & Overy experienced a data breach by the LockBit ransomware group. The largest bank in China, Industrial and Commercial Bank of China, allegedly paid a ransom to the LockBit gang. Europol aided in the takedown of a vishing … Read more

Cloud Security Demand Drives Better Cyber-Firm Valuations — and Deals

October 11, 2023 at 02:52PM The third quarter of 2023 saw significant M&A activity in the cybersecurity industry, with Cisco’s $28 billion acquisition of Splunk leading the way. Other major players, including CrowdStrike and Check Point, also made strategic purchases to expand their offerings. Venture funding in the sector picked up after a slow start … Read more