As you have no doubt heard, LastPass has suffered yet another breach which makes at least 3 separate incidents this year alone. The latest incident appears to be a follow-up to the previous intrusion from back in August. Rather than recap the details of the breaches, this post will focus strictly on "how does this affect me/my organization" and "is LastPass still safe to use?"

At Recon, we are committed to meeting the security demands of the evolving threat landscape and exceeding the expectations of our customers. We follow best practices, up to and including closely following Google's BeyondCorp approach to "Zero Trust" for our entire infrastructure. Our security philosophy is, "we must always be the most secure part of any organization that we may ever work with." This has enabled us to be a strong, trusted advisor and service provider to our customers and channel partners.

This guide will walk you through using CanaryTokens.org to generate a token and how to use that token to determine if an application is vulnerable to Log4j. The generated token is a string of text that you will place in various user-controlled fields of the applications (such as search boxes, forms, and password fields). If the application is vulnerable, you will receive an email from CanaryTokens.org indicating that the application is vulnerable.

The recent Log4j vulnerability (CVE-2021-44228) is unprecedented in its global scope and impact. This open source logging framework for Apache is found buried in everything from the Mars Helicopter to Minecraft. The exploit is as simple as getting the system to log a message containing a specific string, which can be done as easily as changing your iPhone’s name, sending a chat message, or visiting a website.

It’s that time of year again - DEF CON! We were thrilled to run OpenSOC again at DEF CON this year, even if it had to be virtual (fingers crossed we’re all in person again in 2022).

We can't start a recap post without a huge THANK YOU to the community for joining us last week and making SOC X such a success!

Now that we've normalized and enriched our events, let's get into the actual threat detection logic that brings SIEM-like features to open source Graylog.

In my previous post, I explained the fundamental purpose and use cases of pipelines in Graylog – now let's move towards some more advanced topics.

If you are here hoping to learn more about using Graylog for the purpose of monitoring the security posture of your organization, strap in – it's about to get real.

At Recon InfoSec we have the honor of working with some of the best security operations, incident response, and threat hunting teams in the world: Fortune 100 companies, military cyber protection teams, global incident response firms, “3 letter agencies,” and “Big 4” professional services companies.