In this blogpost we will demonstrate how to build a complete GKE security stack for anomaly detection and to prevent container runtime security threats. We will integrate Falco runtime security engine with Google Cloud Functions and Pub/Sub.

Recently, a member of the Falco community privately disclosed a capacity related vulnerability which, under circumstances where a malicious actor has already gained access to your system, could allow the actor to further bypass Falco’s detection of abnormal activity. The final details are still being worked out, but we believe the CVE will be classified as Medium severity according to the CVSS methodology.

We are happy to announce the release of Falco 0.15.0. This release incorporates a number of improvements, as well as bug fixes, and rules updates. This release also includes a mitigation for CVE-2019-8339, and all users are encouraged to update to this release. You can find more details about the features and improvements in the release notes, but below are a few highlights.

Cyber security assessment initiatives and frameworks abound in the US government, the most important being the Federal Information Systems Management Act (FISMA), passed in 2002. The law’s broad scope included a mandate to the US National Institute of Standards and Technology (NIST), charging it to create methods and standards to assess and optimize the cybersecurity posture of US government agencies.

AT&T Alien Labs has seen a number of reports of active exploitation of a vulnerability in Microsoft Sharepoint (CVE-2019-0604). One report by the Saudi Cyber Security Centre appears to be primarily targeted at organisations within the kingdom. An earlier report by the Canadian Cyber Security Centre identified similar deployment of the tiny China Chopper web-shell to gain an initial foothold.

Here at Bulletproof we’re an international business. Though most of our work is in the UK, we’ve expanded our reach to places including the USA, Europe (I was in Zurich only last month) and most recently, Bangalore. Sometimes the life of a Bulletproof Compliance Consultant is as glamorous as you think.

MITRE ATT&CK is a comprehensive knowledge base and complex framework of over 200 techniques that adversaries may use over the course of an attack. While MITRE’s full ATT&CK framework is publicly available, it can be characterized into 3 key elements.