After years in the technical writing trenches at industry giants like Cisco, Riverbed, and Akamai, I now lead the Sysdig Documentation team. I’m Shuba Subramaniam, and I’m passionate about creating content that truly helps people — whether they’re exploring Sysdig for the first time or troubleshooting a tricky issue at 2 a.m.

On Tuesday, January 14, 2025, a set of vulnerabilities were announced that affect the “rsync” utility. Rsync allows files and directories to be flexibly transferred locally and remotely. It is often used for deployments and backup purposes. In total, 6 vulnerabilities were announced to the OSS Security mailing list. The most severe vulnerability, CVE-2024-12084, may result in remote code execution. This post will cover how to detect and mitigate CVE-2024-12084.

Many are familiar with how GitLab leverages Falco in its Package Hunter project to detect threats through system call monitoring. However, fewer may be aware of a powerful GitLab plugin for Falco that ingests audit events directly from GitLab, transforming them into actionable fields within Falco. By integrating GitLab audit event fields, you can create Falco rules to detect potential threats in real time and send alerts through your configured notification channels.

As the adoption of cloud-native technologies like containers, Kubernetes, and microservices have evolved, traditional security solutions have struggled to keep up. According to the Sysdig Threat Research Team (TRT), the average time it takes an attacker to perform reconnaissance and complete an attack is just 10 minutes. To help teams outpace attackers, cloud-native application protection platforms have emerged.