Cloud security
Make your First Malware Honeypot in Under 20 Minutes
A “honeypot” is a metaphor that references using honey as bait for a lure or trap. Honeypots have served many purposes in...
Detection Rules for Sysjoker (and How to Make Them With Osquery)
On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...
Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation
Vulnerabilities like Log4Shell (CVE-2021-44228) are difficult to contain using traditional mitigation options and they can be hard to patch. It can be hard to...
Implement these MITRE D3FEND™ Techniques with Intezer Protect
The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...
Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server
GitLab servers are under attack with a now-patched critical vulnerability Earlier this week we investigated an incident that occurred on a new...
Exposed Prefect Workflows Could Lead to Disruptive Attacks
Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...
7 Factors to Consider When Choosing a Cloud Workload Protection Platform (CWPP)
Cloud Workload Protection Platforms (CWPPs) are a new generation of modern, scalable security solutions designed to protect applications in today’s landscape of...
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...
Essential Security Tools for GCP
Cloud security constructs are always aligned with the concept of shared responsibility. GCP emulates this principle with its own shared responsibility model,...
Securing Microservices
Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people...
What is a Cloud Workload Protection Platform (CWPP)? And Why Do You Need It?
The cloud has completely transformed the IT landscape over the last few years. And it’s now entering a new era of hybrid-cloud...
Guide to Digital Forensics Incident Response in the Cloud
Enterprises today rely on a wide range of cloud services—infrastructure as a service (IaaS), platform as a service (PaaS), software as a...
Top 10 Linux Server Hardening and Security Best Practices
If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...
Reduce the Attack Surface with These Unique Runtime Features
Prioritize immediate risks in your cloud production environment Recently added Intezer Protect features for reducing the likelihood of an attack have a unique...
Why Relying on the Cloud Provider for Security is Not Enough
73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for...
9 Tools to Use Right Now to Improve Azure Platform Security
Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...
7 Most Important AWS Security Tools
Like all leading cloud service providers, AWS follows a shared responsibility model for security and compliance. While platform-level security is owned and managed...
CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data
In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in...
How to Secure Cloud Non-Native Workloads
Not All Applications are Cloud-Native Companies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional...
Royal Flush: Privilege Escalation Vulnerability in Azure Functions
One of the most common benefits of transitioning to cloud services is the shared responsibility for securing your assets. But cloud providers...
Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys
New Malware Variant Exploits Production Environment Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The...
Cloud-Native Security 101
The arrival of the cloud has changed the application development process. Agile cloud-native applications have replaced traditional monolithic application architectures, and components...
Cloud Security Fundamentals: Servers to Containers & Everything In-Between
With Linux being the operating system for 96% of the cloud, the landscape has changed beyond endpoint detection. Intezer Protect is built...
Announcing Configuration Checks and Vulnerability Management
We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only...
Top 10 Cloud Malware Threats
They all target Linux systems For a long time Linux has not been seen as a serious target of threat actors. This...
Kaiji Goes Through Update but Code Reuse Detects It
Kaiji is a Linux malware that targets cloud servers Last week we detected a new Kaiji variant. It was undetected by all...
2020 Set a Record for New Linux Malware Families
Intezer’s 2021 X-Force Threat Intel Index Highlights It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence...
Do You Really Need Kubernetes?
Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing...
Fix your Misconfigured Docker API Ports
It can be the difference between maintaining a safe environment for your applications or a compromised machine running malicious code. Misconfiguration of...
How We Escaped Docker in Azure Functions
Summary of Findings What is Azure Functions? Technical Analysis Proof of Concept Why Does this Matter? Summary of Findings In previous months...
Swat Away Pesky Linux Cryptominers in Runtime
Cryptocurrency is trending. Bitcoin traded at a record high nearly $42,000 this month. Now Ether, the world’s second largest cryptocurrency, is closing in...
Transitioning Traditional Apps into the Cloud
For organizations, cloud adoption is the primary driver of digital transformation and modernizing traditional applications to cloud constructs is a major milestone....
Top Linux Cloud Threats of 2020
We tagged 2019 as The Year of the Linux Threat. That trend continued in 2020 with high profile APTs launching ELF malware,...
8 Reasons to Try Intezer Protect Community Edition
Last week we launched the community edition of Intezer Protect. With strong Linux threat detection, low overhead and no slowdown in performance, Intezer Protect is...
Intezer Protect Community Edition Now Available
Free runtime protection for your cloud workloads Get Started Today we go live with the Intezer Protect community edition. After a few months...
Not Another Linux Security Blog
Blogs about Linux cloud security are nothing new. However, most are filled with technical jargon that can make them difficult to understand....
CVE-2020-16995: Microsoft Azure Network Watcher Linux Extension EoP
Intro In our last blog post we disclosed an escalation of privileges vulnerability in Microsoft Azure App Services. In this post, we’ll describe...
Exploiting a Vulnerable Version of Apache Struts
Code execution is the key ingredient in any successful cyber attack. Exploiting a misconfiguration or vulnerability are some of the more common...
Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center
For traditional data center operations, security and compliance requirements have always been operational overhead. Traditional data centers are under unique stresses in...
Are Containers More Secure Than VMs?
Stop and think for a moment. How many virtual machines (VMs) do you have running in your production cloud environment? How many...
Cloud Workload Security: What You Need to Know - Part 1
Cloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with...
Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure
Main Findings We discovered two vulnerabilities in Microsoft Azure. They existed in a popular cloud service called Azure App Services—specifically impacting Linux...
Looking Back on the Last Decade of Linux APT Attacks
APTs are targeting Linux systems more than they ever have. Linux Attacks are on the Rise The research community continues to witness...
Complementing Your CSPM with Runtime Cloud Workload Protection
There are many solutions available for securing your cloud applications and workloads. Even after doing your due diligence and making an investment,...
TTPs Matrix for Linux Cloud Servers with Detection Methods
Taking inspiration from the MITRE ATT&CK® framework, we previously developed a matrix categorizing adversary tactics and techniques for Linux cloud servers. Linux...
Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
Introduction TeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using...
Community Beta Announcement
Update: Intezer Protect community edition is out of Beta and now available to everyone. Get Started Today we go live with the...
Watch Your Containers: Doki Infecting Docker Servers in the Cloud
Key Findings Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. It has...
What is Zero Trust Execution? Definition, Adoption & More
Zero Trust Execution is the industry recommended practice for securing workloads in the cloud. It provides a tight grip on your workloads...
Best Practices for Securing a Kubernetes Environment
Kubernetes (K8s) is the universal solution for container orchestration nowadays. This open-source tool allows a cluster to automatically scale, distribute, and handle...
A Comparison of Cloud Workload Protection Strategies
Cloud Workload Protection (CWP) refers to the security of workloads running in the cloud in any type of computing environment, e.g. physical...
Get Access to our Weekly Linux Threat Feed
With an emphasis placed on protecting Windows endpoints, the antivirus industry is struggling to detect Linux threats. In a 2019 study conducted by...
Best Practices for Securing a Docker Runtime Environment
The move to containerized workloads has proven to be a revolutionary step in the evolution of software engineering and distributed systems. One...
Intezer Contribution to IBM X-Force Cloud Threat Landscape Report
We dubbed 2019 the year of Linux threats, evidenced by over 20 of our researcher’s publications related to attacks on this operating...
Building a Robust App Control Strategy for your Cloud Workloads
The use of Application Control—commonly referred to as whitelisting or Zero Trust Execution—is considered to be a robust and essential Cloud Workload...
Intezer Recognized as Key Player in Latest Gartner Market Guide
Intezer Protect, Intezer’s new Cloud Workload Protection Platform (CWPP), has been recognized in the latest Gartner Market Guide only four months since...
Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks
Recently attackers exploited vulnerabilities in the popular SaltStack infrastructure automation software to infect cloud servers. Several organizations and open-source projects had to...
What is Cloud Workload Protection?
Cloud Workload Protection is the protection and overall security of workloads running in the cloud in any type of computing environment. As...
Pre-runtime vulnerability scans or runtime protection: Which is better for your IaaS security?
Under Armour’s famous slogan sums up the mission perfectly: We Must Protect this House. As adoption of cloud services continues, security teams...
TTPs matrix for Linux cloud servers
Checklist for protecting your Linux cloud servers against cyber attacks Taking inspiration from the MITRE ATT&CK® framework, we have developed a matrix categorizing...
Maintain compliance while transitioning to the cloud
Conducting business in a cloud environment presents unique security challenges, including achieving and maintaining compliance with regulations that were designed with traditional...
Introducing runtime Cloud Workload Protection Platform (CWPP) Intezer Protect
Unveiling our Cloud Workload Protection Platform (CWPP) which defends your cloud servers in runtime against the leading cause of cyber attacks: unauthorized and malicious...
Intezer Protect: How it Works
Intezer Protect is our NEW runtime Cloud Workload Protection Platform (CWPP). Powered by Malware Analysis technology, this solution continuously monitors the code running...