SOC239 — Remote Code Execution Detected in Splunk Enterprise
Jan. 16, 2024, 5:30 p.m. | Elnur Badalov
System Weakness - Medium systemweakness.com
Event ID: 201
Platform: LetsDefend
Alert
According to the alert, remote code was injected into the Splunk Enterprise host at 172[.]16[.]20[.]13 from 180[.]101[.]88[.]240. The malicious actor injected the code using an XSLT payload.
Definition:
Extensible Stylesheet Language Transformations (XSLT) is an XML-based language used, in conjunction with specialized processing software, for the transformation of XML documents.
No action was taken on this alert …