Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2022

Critical Vulnerability in Spring Core: CVE-2022-22965 a.k.a. Spring4Shell

After the Spring cloud vulnerability reported yesterday, a new vulnerability called Spring4shell CVE-2022-22965 was reported this time on the very popular Java framework Spring Core on JDK9+. The vulnerability is always a remote code execution (RCE) which would permit attackers to execute arbitrary code on the machine and compromise the entire host.

Detecting and Mitigating CVE-2022-22963: Spring4Shell RCE Vulnerability

Today, researchers found a new HIGH vulnerability on the famous Spring Cloud Function leading to remote code execution (RCE). The vulnerability CVE-2022-22963 would permit attackers to execute arbitrary code on the machine and compromise the entire host.

Digital Forensics Basics: A Practical Guide for Kubernetes DFIR

Containerization has gone mainstream, and Kubernetes won out as the orchestration leader. Building and operating applications this way provides massive elasticity, scalability, and efficiency in an ever accelerating technology world. Although DevOps teams have made great strides in harnessing the new tools, the benefits don’t come without challenges and tradeoffs.

Detect malicious activity in Okta logs with Falco and Sysdig okta-analyzer

On March 22, the hacking group Lapsus$ published a Twitter post with a number of screenshots taken from a computer showing “superuser/admin” access to various systems at authentication firm Okta that took place in January this year. Okta is a platform in the #1 platform in Identity-as-a-Service (IDaaS) category, which means that it manages access to internal and external systems with one login.

Secure your cloud from source to run

Security has to change, cloud native is now. Sysdig: Secure your Cloud from Source to Run. Cloud security that avoids, that alerts, closes gaps, grants access, takes charge. That checks out, that scales up, that keeps up. That’s there From source, to run. That’s Sysdig! A single view of risk. With no blind spots. Rich context to prioritize what matters. With no guesswork. A platform based on open standards. With no black boxes.

Mitigating CVE-2022-0811: Arbitrary code execution affecting CRI-O

A new vulnerability CVE-2022-0811, alias cr8escape, with CVSS 8.8 (HIGH) has been found in the CRI-O container engine by Crowdstrike. This vulnerability can lead to arbitrary code execution. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines is affected as well, including Kubernetes and OpenShift (version 4.6 to 4.10).

IBM Z Application Environment Modernization with Sysdig

Recently, IBM announced the IBM Z and Cloud Modernization Center1 for the acceleration of hybrid cloud and to help IBM Z clients accelerate the modernization of their applications, data, and processes in an open hybrid cloud architecture. By combining IBM Z systems built for transactional integrity, throughput, reliability, and availability with hybrid cloud development, IBM is combining the best of both worlds.

Real-Time Threat Detection in the Cloud

Organizations have moved business-critical apps to the cloud and attackers have followed. 2020 was a tipping point; the first year where we saw more cloud asset breaches and incidents than on-premises ones. We know bad actors are out there; if you’re operating in the cloud, how are you detecting threats? Cloud is different. Services are no longer confined in a single place with one way in or one way out.

CVE-2022-0847: "Dirty Pipe" Linux Local Privilege Escalation

Right on the heels of CVE-2022-4092, another local privilege escalation flaw in the Linux Kernel was disclosed on Monday, nicknamed “Dirty Pipe” by the discoverer. MITRE has designated this as CVE-2022-0847. Similar to the “Dirty COW” exploit (CVE-2016-5195), this flaw abuses how the Kernel manages pages in pipes and impacts the latest versions of Linux.

CVE-2022-0492: Privilege escalation vulnerability causing container escape

Linux maintainers disclosed a privilege escalation vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0492 and is rated as a High (7.0) severity. The flaw occurs in cgroups permitting an attacker to escape container environments, and elevate privileges. The vulnerable code was found in the Linux Kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function.

Why is MFA important to your cloud account

Recently, we have been facing a recurring problem related to cloud security – breaches based on credentials leak or breakage. Users tend to log into their accounts using a single factor system, such as a user and password combination. This introduces a single point of failure in your account’s security. Weeks ago, we read a tweet about a person dealing with a huge AWS bill due to a stolen key that was taken by attackers to use AWS Lambda functions for crypto mining.

Triaging A Malicious Docker Container

Malicious Docker containers are a relatively new form of attack, taking advantage of an exposed Docker API or vulnerable host to do their evil plotting.​​ In this article, we will walk through the triage of a malicious image containing a previously undetected-in-VirusTotal (at the time of this writing) piece of malware! Leaving a Docker API endpoint exposed to the world can have a variety of negative consequences.