Containers have revolutionized development in the cloud, allowing dev teams to work with unprecedented speed, efficiency, and scale. But securing containers at that speed and scale can be a thorny problem. The infrastructure of containers is complex and contains multiple attack vectors, and most enterprises don’t have the time or resources to secure all attack vectors for all containers.

The heightened demand for cloud applications places a premium on the agility of development teams to swiftly create and deploy them. Simultaneously, security teams face the crucial task of safeguarding the organization’s cloud infrastructure without impeding the pace of innovation.

The Sysdig Threat Research Team (TRT) discovered the malicious use of a new network mapping tool called SSH-Snake that was released on 4 January 2024. SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network. The worm automatically searches through known credential locations and shell history files to determine its next move. SSH-Snake is actively being used by threat actors in offensive operations.

The Sysdig Threat Research Team (TRT) published their latest Cloud-Native Security & Usage Report for 2024. As always, the research team managed to shed additional light on critical vulnerabilities inherent in current container security practices.

This is the first article in a series focusing on syscall evasion as a means to work around detection by security tools and what we can do to combat such efforts. We’ll be starting out the series discussing how this applies to Linux operating systems, but this is a technique that applies to Windows as well, and we’ll touch on some of this later on in the series. In this particular installment, we’ll be discussing syscall evasion with bash shell builtins.

Today’s digital organizations thrive in the cloud. The advantages are undeniable – cost savings, scalability, and seamless access to resources, applications, and data all foster better business agility, collaboration, and innovation. With over 85% of organizations adopting a cloud-first strategy by 2025, it’s clear that the cloud is integral to modern operations.

The Sysdig 2024 Cloud‑Native Security and Usage Report highlights the evolving threat landscape, but more importantly, as the adoption of cloud-native technologies such as container and Kubernetes continue to increase, not all organizations are following best practices. This is ultimately handing attackers an advantage when it comes to exploiting containers for resource utilization in operations such as Kubernetes.

In the fast-paced world of application development, the use of open source components offers a quick path to building sophisticated applications. However, this approach introduces critical questions about software composition, licensing, and security. Before pushing any new application to production or even staging, the security and compliance teams alongside the application owner must address the following: This is where the importance of a Software Bill of Materials (SBOM) becomes clear.

The cloud security market is still maturing and growing at a rapid pace. New security jargon, solutions, vendors, and acronyms are constantly appearing, making it difficult to have a clear sense of what approach to cloud security is best for your own organization. Cloud-native application platforms (CNAPPs) are one of the most recent categories in this space.

On January 16, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) sent out a Cybersecurity Advisory (CSA) about active threat actors deploying the AndroxGh0st malware. This is significant as cyber criminals are actively using this malware to target Laravel (CVE-2018-15133) (an open source PHP framework).env files and obtain credentials for various high profile applications like Office365, SendGrid, and Twilio.