Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools

The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities.

CVE-2024-6387 - Shields Up Against RegreSSHion

On July 1st, the Qualys’s security team announced CVE-2024-6387, a remotely exploitable vulnerability in the OpenSSH server. This critical vulnerability is nicknamed “regreSSHion” because the root cause is an accidental removal of code that fixed a much earlier vulnerability CVE-2006-5051 back in 2006. The race condition affects the default configuration of sshd (the daemon program for SSH).

Sysdig Customer Care Chronicles - Security Is A Team Sport

For the Sysdig Customer Success team, our mission is simple: ensuring that our customers get the most value from our product. Usually that means helping them use the product, answering questions, and requesting feature enhancements. In our line of work, sometimes you have to throw out the usual playbook to make things happen. This particular story started when we noticed a change in a customer’s agent usage.

Want Your Third Parties To Take Security Seriously?

In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services.

NIST CSF 2.0 - SDLC for Continuous Improvement of Security

This is an analysis of the impacts and implications on cybersecurity practices, benefits, challenges, and how to deal with the transition to the new NIST CSF 2.0 framework. NIST released an update to its Cyber Security Framework (CSF) in February 2024. Two of the most obvious takeaways from this version are the addition of a new pillar and the expansion of its application beyond critical infrastructure.

Meeting the 555 Benchmark

How long does it take your security teams to detect a potential threat, correlate relevant data, and initiate a response action? The 555 Benchmark for Cloud Detection and Response challenges organizations to detect a threat within 5 seconds, correlate data within 5 minutes, and initiate a response within 5 minutes. It is not just something you can implement or use to solve your cloud security struggles. It is about testing and improving your cloud security operations and processes.

How to Cut Cloud Investigations to 5 Minutes with Sysdig

Cloud breaches continue to rise unabated as organizations adopt hybrid cloud strategies. Many organizations have tried to simply extend their preexisting on-premises security into the cloud, but the cloud is a fundamentally different environment for security. It’s faster, more complex, and more dynamic, with an ever-increasing attack surface. Striking first means adversaries have a head start by default, leaving organizations only a fraction of time to investigate and initiate a response.

Introducing New Investigation Features for Sysdig Secure

Cloud migration and continuous innovation provide organizations with substantial gains in speed, scalability, and cost (to name a few). Most security teams have no choice but to make the jump to the cloud, in at least some capacity, to support and protect this rapidly expanding attack surface. But organizations and security teams aren’t alone. Threat actors have been readily adapting their craft to take advantage of cloud speed.

CDR: How Cloud Has Changed the Game

Some organizations are just beginning their migration to the cloud, while others are already firmly settled there, but almost everyone is in the cloud in some capacity by now. And for good reason: the cloud creates substantial advantages in speed, scalability, and cost. But the sobering reality is that modern threat actors have also made gains from migrating to the cloud. By weaponizing cloud automation, these threat actors can fully execute an attack in 10 minutes or less.

Securing AI in the Cloud: AI Workload Security for AWS

To bolster the security of AI workloads in the cloud, Sysdig has extended its recently launched AI Workload Security to AWS AI services, including Amazon Bedrock, Amazon SageMaker, and Amazon Q. This enhancement helps AWS AI service users secure AI workloads and keep pace with the speed of AI evolution.