Cloud security

Make your First Malware Honeypot in Under 20 Minutes

For a free honeypot, you can use one of the several open-source options listed below. Intezer Protect users with an upgraded account...

Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation

Vulnerabilities like Log4Shell (CVE-2021-44228) are difficult to contain using traditional mitigation options and they can be hard to patch. It can be hard to...

Implement these MITRE D3FEND™ Techniques with Intezer Protect

The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...

Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server

GitLab servers are under attack with a now-patched critical vulnerability. Earlier this week we investigated an incident that occurred on a new...

Exposed Prefect Workflows Could Lead to Disruptive Attacks

Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...

7 Factors to Consider When Choosing a Cloud Workload Protection Platform (CWPP)

Cloud Workload Protection Platforms (CWPPs) are a new generation of modern, scalable security solutions designed to protect applications in today’s landscape of...

Misconfigured Airflows Leak Thousands of Credentials from Popular Services

This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...

Securing Microservices

Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people...

What is a Cloud Workload Protection Platform (CWPP)? And Why Do You Need It?

The cloud has completely transformed the IT landscape over the last few years. And it’s now entering a new era of hybrid-cloud...

Guide to Digital Forensics Incident Response in the Cloud

Enterprises today rely on a wide range of cloud services—infrastructure as a service (IaaS), platform as a service (PaaS), software as a...

New Attacks on Kubernetes via Misconfigured Argo Workflows

Key Points: Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...

Top 10 Linux Server Hardening and Security Best Practices

If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...

Why Relying on the Cloud Provider for Security is Not Enough

73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for...

9 Tools to Use Right Now to Improve Azure Platform Security

Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...

7 Most Important AWS Security Tools

Like all leading cloud service providers, AWS follows a shared responsibility model for security and compliance. While platform-level security is owned and managed...

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data

In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in...

How to Secure Cloud Non-Native Workloads

Not All Applications are Cloud-Native. Companies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional...

Royal Flush: Privilege Escalation Vulnerability in Azure Functions

One of the most common benefits of transitioning to cloud services is the shared responsibility for securing your assets. But cloud providers...

Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys

New Malware Variant Exploits Production Environment. Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The...

Cloud-Native Security 101

The arrival of the cloud has changed the application development process. Agile cloud-native applications have replaced traditional monolithic application architectures, and components...

Cloud Security Fundamentals: Servers to Containers & Everything In-Between

With Linux being the operating system for 96% of the cloud, the landscape has changed beyond endpoint detection. Intezer Protect is built...

Announcing Configuration Checks and Vulnerability Management

We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only...

Top 10 Cloud Malware Threats

They all target Linux systems. For a long time Linux has not been seen as a serious target of threat actors. This...

Kaiji Goes Through Update but Code Reuse Detects It

Kaiji is a Linux malware that targets cloud servers. Last week we detected a new Kaiji variant. It was undetected by all...

2020 Set a Record for New Linux Malware Families

Intezer’s 2021 X-Force Threat Intel Index Highlights. It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence...

Do You Really Need Kubernetes?

Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing...

Fix your Misconfigured Docker API Ports

It can be the difference between maintaining a safe environment for your applications or a compromised machine running malicious code. Misconfiguration of...

Swat Away Pesky Linux Cryptominers in Runtime

Cryptocurrency is trending. Bitcoin traded at a record high nearly $42,000 this month. Now Ether, the world’s second largest cryptocurrency, is closing in...

Transitioning Traditional Apps into the Cloud

For organizations, cloud adoption is the primary driver of digital transformation and modernizing traditional applications to cloud constructs is a major milestone....

Top Linux Cloud Threats of 2020

We tagged 2019 as The Year of the Linux Threat. That trend continued in 2020 with high profile APTs launching ELF malware,...

Not Another Linux Security Blog

Blogs about Linux cloud security are nothing new. However, most are filled with technical jargon that can make them difficult to understand....

CVE-2020-16995: Microsoft Azure Network Watcher Linux Extension EoP

Intro: In our last blog post we disclosed an escalation of privileges vulnerability in Microsoft Azure App Services. In this post, we’ll describe...

Exploiting a Vulnerable Version of Apache Struts

Code execution is the key ingredient in any successful cyber attack. Exploiting a misconfiguration or vulnerability are some of the more common...

Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center

For traditional data center operations, security and compliance requirements have always been operational overhead. Traditional data centers are under unique stresses in...

Are Containers More Secure Than VMs?

Stop and think for a moment. How many virtual machines (VMs) do you have running in your production cloud environment? How many...

Cloud Workload Security: What You Need to Know - Part 1

Cloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with...

Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure

Main Findings: We discovered two vulnerabilities in Microsoft Azure. They existed in a popular cloud service called Azure App Services—specifically impacting Linux...

Looking Back on the Last Decade of Linux APT Attacks

APTs are targeting Linux systems more than they ever have. Linux Attacks are on the Rise. The research community continues to witness...

Complementing Your CSPM with Runtime Cloud Workload Protection

There are many solutions available for securing your cloud applications and workloads. Even after doing your due diligence and making an investment,...

Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks

Introduction: TeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using...

Watch Your Containers: Doki Infecting Docker Servers in the Cloud

Key Findings: Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. It has...

What is Zero Trust Execution? Definition, Adoption & More

Zero Trust Execution is the industry recommended practice for securing workloads in the cloud. It provides a tight grip on your workloads...

Best Practices for Securing a Kubernetes Environment

Kubernetes (K8s) is the universal solution for container orchestration nowadays. This open-source tool allows a cluster to automatically scale, distribute, and handle...

A Comparison of Cloud Workload Protection Strategies

Cloud Workload Protection (CWP) refers to the security of workloads running in the cloud in any type of computing environment, e.g. physical...

Best Practices for Securing a Docker Runtime Environment

The move to containerized workloads has proven to be a revolutionary step in the evolution of software engineering and distributed systems. One...

Intezer Contribution to IBM X-Force Cloud Threat Landscape Report

We dubbed 2019 the year of Linux threats, evidenced by over 20 of our researcher’s publications related to attacks on this operating...

Building a Robust App Control Strategy for your Cloud Workloads

The use of Application Control—commonly referred to as whitelisting or Zero Trust Execution—is considered to be a robust and essential Cloud Workload...

Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks

Recently attackers exploited vulnerabilities in the popular SaltStack infrastructure automation software to infect cloud servers. Several organizations and open-source projects had to...

What is Cloud Workload Protection?

Cloud Workload Protection is the protection and overall security of workloads running in the cloud in any type of computing environment. As...

Pre-runtime vulnerability scans or runtime protection: Which is better for your IaaS security?

Under Armour’s famous slogan sums up the mission perfectly: We Must Protect this House. As adoption of cloud services continues, security teams...

Maintain compliance while transitioning to the cloud

Conducting business in a cloud environment presents unique security challenges, including achieving and maintaining compliance with regulations that were designed with traditional...
