Dawisco
Adam ♿
London Eastfield 🇵🇸I am fairly certain that Splunk is the worst piece of shit software I have ever had to endure in any job.
The Threat CodexSensitive Information Disclosure in Splunk Secure Gateway App
#CVE_2025_20229 #Splunk
https://advisory.splunk.com/advisories/SVD-2025-0302
#CVE_2025_20229 #Splunk
https://advisory.splunk.com/advisories/SVD-2025-0302
Sensitive Information Disclosure in Splunk Secure Gateway App
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and versions below 3.8.38 and 3.7.23 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the “admin“ or “power“ Splunk roles could run a search using the permissions of a higher-privileged user that could lead to disclosure of sensitive information. <br><br>The Splunk Secure Gateway exposes user session and authorization tokens in clear text in the splunk_secure_gateway.log file when it calls the `/services/ssg/secrets` REST endpoint. <br><br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated low-privileged user should not be able to exploit the vulnerability at will.
DevelopersIOGoogle Cloud のデータを Pull ベースで取り込む
https://dev.classmethod.jp/articles/slug-hMUCjXAoiguN/
BillSplunk patched the CSRF bug (and a gazillion others I didn't find)! I guess I get to stop adding it to reports ...
AndiMannICYMI: on the latest #TechstrongTV I join the Gang to go deep on #Google #acquisition of #CNAP (#cloud #cybersecurity) with #Wiz, esp. how it hits #AWS, #Azure, #Cisco, #Splunk, #Crowdstrike, #PANW, ++. Just don't call it #DevSecOps!
Plus, #AI is failing, even for religion!
https://techstrong.tv/videos/videos/techstrong-gang-march-19-2025
Techstrong Gang - March 19, 2025 - Techstrong TV
Alan, Mike, Mitch, Andi Mann and Lisa Martin, CMO Advisor for The Futurum Group, dive into why Google is spending $32 billion to acquire Wiz, a provider of a cloud native application protection platform (CNAPP).Then, the gang discusses the challenges organizations are running into as they attempt to operationalize artificial intelligence (AI) before discussing the impact AI might have on religion.
Splunkさん主催 Google Cloud のデータ取り込みワークショップに参加してみた!
https://dev.classmethod.jp/articles/slug-TJgwcAcQkhdl/
VulDB 
Use Splunk to fetch our vulnerability data very easily https://splunkbase.splunk.com/app/4190/ #vuldb #splunk #logging
ICYMI, on the latest #TechstrongTV I join the Gang to go deep on #Google #acquisition of #CNAP (#cloud #cybersecurity) with #Wiz, esp. how it hits #AWS, #Azure, #Cisco, #Splunk, #Crowdstrike, #PANW, ++. Just don't call it #DevSecOps!
Plus, #AI is failing, even for religion!
https://techstrong.tv/videos/videos/techstrong-gang-march-19-2025
Techstrong Gang - March 19, 2025 - Techstrong TV
Alan, Mike, Mitch, Andi Mann and Lisa Martin, CMO Advisor for The Futurum Group, dive into why Google is spending $32 billion to acquire Wiz, a provider of a cloud native application protection platform (CNAPP).Then, the gang discusses the challenges organizations are running into as they attempt to operationalize artificial intelligence (AI) before discussing the impact AI might have on religion.