This is the first article in a series focusing on syscall evasion as a means to work around detection by security tools and what we can do to combat such efforts. We’ll be starting out the series discussing how this applies to Linux operating systems, but this is a technique that applies to Windows as well, and we’ll touch on some of this later on in the series. In this particular installment, we’ll be discussing syscall evasion with bash shell builtins.

Today’s digital organizations thrive in the cloud. The advantages are undeniable – cost savings, scalability, and seamless access to resources, applications, and data all foster better business agility, collaboration, and innovation. With over 85% of organizations adopting a cloud-first strategy by 2025, it’s clear that the cloud is integral to modern operations.

The Sysdig 2024 Cloud‑Native Security and Usage Report highlights the evolving threat landscape, but more importantly, as the adoption of cloud-native technologies such as container and Kubernetes continue to increase, not all organizations are following best practices. This is ultimately handing attackers an advantage when it comes to exploiting containers for resource utilization in operations such as Kubernetes.

In the fast-paced world of application development, the use of open source components offers a quick path to building sophisticated applications. However, this approach introduces critical questions about software composition, licensing, and security. Before pushing any new application to production or even staging, the security and compliance teams alongside the application owner must address the following: This is where the importance of a Software Bill of Materials (SBOM) becomes clear.

The cloud security market is still maturing and growing at a rapid pace. New security jargon, solutions, vendors, and acronyms are constantly appearing, making it difficult to have a clear sense of what approach to cloud security is best for your own organization. Cloud-native application platforms (CNAPPs) are one of the most recent categories in this space.

On January 16, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) sent out a Cybersecurity Advisory (CSA) about active threat actors deploying the AndroxGh0st malware. This is significant as cyber criminals are actively using this malware to target Laravel (CVE-2018-15133) (an open source PHP framework).env files and obtain credentials for various high profile applications like Office365, SendGrid, and Twilio.

Cybersecurity breaches are becoming more frequent and more impactful. Adversaries continue to grow stronger, and defenders aren’t always keeping pace. Add in the increasing number of nation-state actors in the threat landscape, and it’s hardly surprising that governments are starting to take a greater role in regulating security. On July 26th, 2023, the U.S.

The cybersecurity landscape is undergoing a significant shift, moving from security tools monitoring applications running within userspace to advanced, real-time approaches that monitor system activity directly and safely within the kernel by using eBPF. This evolution in kernel introspection is particularly evident in the adoption of projects like Falco, Tetragon, and Tracee in Linux environments.

On January 31st 2024, Snyk announced the discovery of four vulnerabilities in Kubernetes and Docker. For Kubernetes, the vulnerabilities are specific to the runc CRI. Successful exploitation allows an attacker to escape the container and gain access to the host operating system. To exploit these vulnerabilities, an attacker will need to control the Dockerfile when the containers are built.

Sysdig’s seventh annual Cloud-Native Security and Usage Report identifies how customers are developing, using, and securing cloud-native applications and environments. We analyze data from millions of containers and thousands of accounts and publish the most pertinent information for you. Security practitioners and leaders look forward to this report to identify trends and make adjustments to their cloud security strategy.