SCARLETEEL, an operation reported on by the Sysdig Threat Research Team last February, continues to thrive, improve tactics, and steal proprietary data. Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture.
In the face of persistent data breaches and escalating cyber threats, organizations are compelled to prioritize cloud defense in depth. These measures are indispensable for protecting critical assets and upholding the integrity of cloud-based systems. By establishing a comprehensive security plan, organizations can effectively convey their commitment to security and lay a solid foundation for a resilient and secure cloud environment.
During May, a new vulnerability CVE-2023-32784 was discovered that affected KeePass. KeePass is a popular open source password manager which runs on Windows, Mac, or Linux. The vulnerability allows the extraction of the master key in cleartext from the memory of the process that was running. The master key will allow an attacker to access all the stored credentials. We strongly recommend updating to KeePass 2.54 to fix the vulnerability.
Discover how Sysdig Secure’s new Process Tree feature improves threat investigation. Imagine you’re investigating a security related detection, the investigation was triggered by the execution of stat/etc/shadow in one of your containers. Is this a sign of a legitimate activity, such as a developer debugging an app, or a sign that your container has been compromised? It depends on the context.
Is your organization grappling with the relentless pace of ever-changing threats in the cloud? Are you spending hours investigating security events without identifying the root cause of the problem?
In the rapidly evolving digital landscape, malicious actors constantly adapt their strategies to infiltrate our systems. Traditional endpoint detection mechanisms are no longer sufficient to protect our applications and workloads against advanced threats. To effectively address this concern, it has become imperative to embrace a broader approach to threat detection. This entails a paradigm shift towards incorporating both agent-based and agentless detection methods.
Discover how Sysdig Secure’s new “Kubernetes Live” informs of your Kubernetes security posture at a glance. Investigating a security incident may be a tennis match. Sometimes, you find yourself jumping from one window to another: one place for runtime events, another one for vulnerabilities, another one for logs. Gathering and correlating all the information available can be a time consuming task, but it’s the only way of having a clear view of what is going on.
Cloud Native Application Protection Platforms – or CNAPP solutions – are steadily gaining traction as the best solutions to address Cloud Native security. Regardless of your cloud adoption maturity (whether you’re PoC-ing some services in the cloud, running a few applications, or fully embracing this new era), We’re sure you have likely already noticed that cloud-native security is different from IT-managed data center security. But how exactly is it different?
The number of detected common vulnerabilities and exposures (CVEs) has significantly increased in the past decade. In the last five years, security researchers reported over 100,000 new CVEs. The highest reported annual figure was in 2022, with over 25,000 new CVEs. This number can overwhelm any security team if it’s not managed correctly between assessment, reporting, remediation, and monitoring.
In the world of cybersecurity, noise is a critical issue associated with Day 2 operations. The complex nature of noise and its impact on detection accuracy and false positives make it a challenging topic to address when creating detection rules, including in tools like Falco. This article will provide some guidelines on tuning Falco container security rules to eliminate noise.
