In the world of cloud-native applications, microservices and Kubernetes have become the backbone of modern software architecture. The scalability, flexibility, and orchestration capabilities provided by Kubernetes have revolutionized how applications are built and managed. However, like any powerful tool, Kubernetes introduces complexity, and with complexity comes risk — particularly in the form of security vulnerabilities.

One of the primary goals of information security is to protect data, which of course entails protecting the resources that store and provide access to that data. According to the NIST Cybersecurity Framework, organizations need to develop and implement the necessary protections to restrict or mitigate the effect of a possible cybersecurity incident. Security should be integrated right from the source of the cloud architecture design process.

There is nothing more exciting (or nerve-wracking) than sharing something you’ve created with the world. Over 25 years ago, we started working on Wireshark. For us, it has always been more than just a piece of software — it’s how we met, how we began our careers, and how we learned to solve problems that once seemed insurmountable.

The origins of Sysdig, Falco, and Wireshark can be traced back to one fundamental need: making sense of complex, real-time network traffic for better security and operational insights. Long before containers and cloud security became pressing concerns, Gerald Combs and Loris Degioanni, creators of Wireshark, were solving a different but related problem: how to capture and analyze packets to understand what was happening across networks.

After years in the technical writing trenches at industry giants like Cisco, Riverbed, and Akamai, I now lead the Sysdig Documentation team. I’m Shuba Subramaniam, and I’m passionate about creating content that truly helps people — whether they’re exploring Sysdig for the first time or troubleshooting a tricky issue at 2 a.m.

On Tuesday, January 14, 2025, a set of vulnerabilities were announced that affect the “rsync” utility. Rsync allows files and directories to be flexibly transferred locally and remotely. It is often used for deployments and backup purposes. In total, 6 vulnerabilities were announced to the OSS Security mailing list. The most severe vulnerability, CVE-2024-12084, may result in remote code execution. This post will cover how to detect and mitigate CVE-2024-12084.

Many are familiar with how GitLab leverages Falco in its Package Hunter project to detect threats through system call monitoring. However, fewer may be aware of a powerful GitLab plugin for Falco that ingests audit events directly from GitLab, transforming them into actionable fields within Falco. By integrating GitLab audit event fields, you can create Falco rules to detect potential threats in real time and send alerts through your configured notification channels.

As the adoption of cloud-native technologies like containers, Kubernetes, and microservices have evolved, traditional security solutions have struggled to keep up. According to the Sysdig Threat Research Team (TRT), the average time it takes an attacker to perform reconnaissance and complete an attack is just 10 minutes. To help teams outpace attackers, cloud-native application protection platforms have emerged.