Sysdig

CSPM - Least privilege principle in practice

Cloud Security Posture Management (CSPM) aims to automate the identification and remediation of risks across your entire cloud infrastructure. A core requirement of the CSPM framework is the need to enforce a principle of least privilege. There are certain overlaps with Cloud Infrastructure Entitlement Management (CIEM) solutions. CIEM is a newer categorization that came after CSPM.

Detecting Cryptomining Attacks "in the Wild"

Cryptomining attacks are becoming more notable in line with the rise of blockchain and cryptocurrencies, so detecting cryptomining has become a high priority. Security researchers have found data breaches related to various cryptominer binaries running within victims’ infrastructures. The default openness of Kubernetes clusters and the availability of the extensive compute power required for mining make Kubernetes clusters a perfect target for cryptomining attacks.

The Real Cost of Cryptomining: Adversarial Analysis of TeamTNT

TeamTNT is a notorious cloud-targeting threat actor, who generates the majority of their criminal profits through cryptojacking. Sysdig TRT attributed more than $8,100 worth of cryptocurrency to TeamTNT, which was mined on stolen cloud infrastructure, costing the victims more than $430,000. The full impact of TeamTNT and similar entities is unknowable, but at $1 of profit for every $53 the victim is billed, the damage to cloud users is extensive.

How to secure Helm

Helm is being used broadly to deploy Kubernetes applications as it is an easy way to publish and consume them via a couple of commands, as well as integrate them in your GitOps pipeline. But is Helm secure enough? Can you trust it blindly? This post explains the benefits of using Helm, the pitfalls, and offers a few recommendations for how to secure it. Let’s get started!

What does Sysdig do?

What does Sysdig do, and how is it different from other cloud and container security tools? Hear CEO Suresh Vasudevan explain how Sysdig can help customers secure and monitor their containers in the cloud from source to runtime. Stay up to date on the latest cloud-native news and trends, get all the info on the latest vulnerabilities, and discover new ways of securing and monitoring Kubernetes and containers on our blog.

Strengthen Cybersecurity with Shift-left and Shield-right Practices

Cyber attacks are an unfortunate reality in our interconnected world. The art of keeping up with malicious actors is challenging, but even more so with the move to cloud-native technologies. As a result, security is evolving. Developers, DevOps, and cloud teams must now learn a new set of best practices that balance shift-left and shield-right security approaches to reduce risk. There has never been a more critical time to revisit your cybersecurity strategy.

Three multi-tenant isolation boundaries of Kubernetes

Many of the benefits of running Kubernetes come from the efficiencies you get when you share the cluster – and thus the underlying compute and network resources it manages – between multiple services and teams within your organization. Each of the major services or teams that share the cluster is a tenant of the cluster, and so this approach is referred to as multi-tenancy.

Escaping a Docker container

Escaping a Docker container can give you access to the whole Linux host, so it's a precious technique for a cyberattack. But it's also valuable for defenders: hacking Docker containers to get a breakout is a fun way to better understand a vulnerability and how to better protect against these exploits! In this hands-on video, we look at three real-life scenarios where you can actually break out of a Docker container.

Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7. The fixes address two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

How to deal with ransomware on Azure

Let’s dig deeper into the techniques used by attackers and the mitigations you should implement when ransomware on Azure affects you. By now, we should all be aware of ransomware from the constant news articles about this well-known threat. As we explained in the anatomy of a cloud attack, ransomware is a way for attackers to make money once they gain control of your accounts: they encrypt your data, thereby restricting your access to the system.