Cloud security

Detection Rules for Sysjoker (and How to Make Them With Osquery)

On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...

Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation

Vulnerabilities like Log4Shell (CVE-2021-44228) are difficult to contain using traditional mitigation options and they can be hard to patch. It can be hard to...

Implement these MITRE D3FEND™ Techniques with Intezer Protect

The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...

Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server

GitLab servers are under attack with a now-patched critical vulnerability Earlier this week we investigated an incident that occurred on a new...

Exposed Prefect Workflows Could Lead to Disruptive Attacks

Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...

7 Factors to Consider When Choosing a Cloud Workload Protection Platform (CWPP)

Cloud Workload Protection Platforms (CWPPs) are a new generation of modern, scalable security solutions designed to protect applications in today’s landscape of...

Misconfigured Airflows Leak Thousands of Credentials from Popular Services

This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...

Essential Security Tools for GCP

Cloud security constructs are always aligned with the concept of shared responsibility. GCP emulates this principle with its own shared responsibility model,...

Securing Microservices

Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people...

What is a Cloud Workload Protection Platform (CWPP)? And Why Do You Need It?

The cloud has completely transformed the IT landscape over the last few years. And it’s now entering a new era of hybrid-cloud...

Guide to Digital Forensics Incident Response in the Cloud

Enterprises today rely on a wide range of cloud services—infrastructure as a service (IaaS), platform as a service (PaaS), software as a...

Top 10 Linux Server Hardening and Security Best Practices

If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...

Reduce the Attack Surface with These Unique Runtime Features

Prioritize immediate risks in your cloud production environment Recently added Intezer Protect features for reducing the likelihood of an attack have a unique...

Why Relying on the Cloud Provider for Security is Not Enough

73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for...

9 Tools to Use Right Now to Improve Azure Platform Security

Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...

7 Most Important AWS Security Tools

Like all leading cloud service providers, AWS follows a shared responsibility model for security and compliance. While platform-level security is owned and managed...

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data

In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in...

How to Secure Cloud Non-Native Workloads

Not All Applications are Cloud-Native Companies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional...

Royal Flush: Privilege Escalation Vulnerability in Azure Functions

One of the most common benefits of transitioning to cloud services is the shared responsibility for securing your assets. But cloud providers...

Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys

New Malware Variant Exploits Production Environment Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The...

Cloud-Native Security 101

The arrival of the cloud has changed the application development process. Agile cloud-native applications have replaced traditional monolithic application architectures, and components...

Cloud Security Fundamentals: Servers to Containers & Everything In-Between

With Linux being the operating system for 96% of the cloud, the landscape has changed beyond endpoint detection. Intezer Protect is built...

Announcing Configuration Checks and Vulnerability Management

We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only...

Top 10 Cloud Malware Threats

They all target Linux systems For a long time Linux has not been seen as a serious target of threat actors. This...

Kaiji Goes Through Update but Code Reuse Detects It

Kaiji is a Linux malware that targets cloud servers Last week we detected a new Kaiji variant. It was undetected by all...

2020 Set a Record for New Linux Malware Families

Intezer’s 2021 X-Force Threat Intel Index Highlights It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence...

Do You Really Need Kubernetes?

Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing...

Fix your Misconfigured Docker API Ports

It can be the difference between maintaining a safe environment for your applications or a compromised machine running malicious code. Misconfiguration of...

How We Escaped Docker in Azure Functions

Summary of Findings What is Azure Functions? Technical Analysis Proof of Concept Why Does this Matter? Summary of Findings In previous months...

Swat Away Pesky Linux Cryptominers in Runtime

Cryptocurrency is trending. Bitcoin traded at a record high nearly $42,000 this month. Now Ether, the world’s second largest cryptocurrency, is closing in...

Cloud Workload Security: Part 4 - Explaining the Security Features of GCP

When it comes to securing your workloads in the cloud, having a well-defined security strategy with the right controls means that the...

Transitioning Traditional Apps into the Cloud

For organizations, cloud adoption is the primary driver of digital transformation and modernizing traditional applications to cloud constructs is a major milestone....

Top Linux Cloud Threats of 2020

We tagged 2019 as The Year of the Linux Threat. That trend continued in 2020 with high profile APTs launching ELF malware,...

8 Reasons to Try Intezer Protect Community Edition

Last week we launched the community edition of Intezer Protect. With strong Linux threat detection, low overhead and no slowdown in performance, Intezer Protect is...

Cloud Workload Security: Part 3 - Explaining Azure’s Security Features

Cloud security management will always remain an ongoing journey, as threats keep evolving and organizations need to keep updating their cloud security...

Intezer Protect Community Edition Now Available

Free runtime protection for your cloud workloads Get Started Today we go live with the Intezer Protect community edition. After a few months...

Not Another Linux Security Blog

Blogs about Linux cloud security are nothing new. However, most are filled with technical jargon that can make them difficult to understand....

Cloud Workload Security: Part 2 - Security Features of AWS

This article is the second post in our five-part series on security in the cloud today. In Part 1, we discussed what...

CVE-2020-16995: Microsoft Azure Network Watcher Linux Extension EoP

Intro In our last blog post we disclosed an escalation of privileges vulnerability in Microsoft Azure App Services. In this post, we’ll describe...

Exploiting a Vulnerable Version of Apache Struts

Code execution is the key ingredient in any successful cyber attack. Exploiting a misconfiguration or vulnerability are some of the more common...

Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center

For traditional data center operations, security and compliance requirements have always been operational overhead. Traditional data centers are under unique stresses in...

Are Containers More Secure Than VMs?

Stop and think for a moment. How many virtual machines (VMs) do you have running in your production cloud environment? How many...

Cloud Workload Security: What You Need to Know - Part 1

Cloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with...

Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure

Main Findings We discovered two vulnerabilities in Microsoft Azure. They existed in a popular cloud service called Azure App Services—specifically impacting Linux...

Looking Back on the Last Decade of Linux APT Attacks

APTs are targeting Linux systems more than they ever have. Linux Attacks are on the Rise The research community continues to witness...

Complementing Your CSPM with Runtime Cloud Workload Protection

There are many solutions available for securing your cloud applications and workloads. Even after doing your due diligence and making an investment,...

TTPs Matrix for Linux Cloud Servers with Detection Methods

Taking inspiration from the MITRE ATT&CK® framework, we previously developed a matrix categorizing adversary tactics and techniques for Linux cloud servers. Linux...

Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks

Introduction TeamTNT is a cybercrime group that targets cloud environments including Docker and Kubernetes instances. The group has been previously documented using...

Community Beta Announcement

Update: Intezer Protect community edition is out of Beta and now available to everyone. Get Started Today we go live with the...

Watch Your Containers: Doki Infecting Docker Servers in the Cloud

Key Findings Ngrok Mining Botnet is an active campaign targeting exposed Docker servers in AWS, Azure, and other cloud platforms. It has...

What is Zero Trust Execution? Definition, Adoption & More

Zero Trust Execution is the industry recommended practice for securing workloads in the cloud. It provides a tight grip on your workloads...

Best Practices for Securing a Kubernetes Environment

Kubernetes (K8s) is the universal solution for container orchestration nowadays. This open-source tool allows a cluster to automatically scale, distribute, and handle...

A Comparison of Cloud Workload Protection Strategies

Cloud Workload Protection (CWP) refers to the security of workloads running in the cloud in any type of computing environment, e.g. physical...

Get Access to our Weekly Linux Threat Feed

With an emphasis placed on protecting Windows endpoints, the antivirus industry is struggling to detect Linux threats. In a 2019 study conducted by...

Best Practices for Securing a Docker Runtime Environment

The move to containerized workloads has proven to be a revolutionary step in the evolution of software engineering and distributed systems. One...

Intezer Contribution to IBM X-Force Cloud Threat Landscape Report

We dubbed 2019 the year of Linux threats, evidenced by over 20 of our researcher’s publications related to attacks on this operating...

Building a Robust App Control Strategy for your Cloud Workloads

The use of Application Control—commonly referred to as whitelisting or Zero Trust Execution—is considered to be a robust and essential Cloud Workload...

< 1

Intezer Recognized as Key Player in Latest Gartner Market Guide

Intezer Protect, Intezer’s new Cloud Workload Protection Platform (CWPP), has been recognized in the latest Gartner Market Guide only four months since...

Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks

Recently attackers exploited vulnerabilities in the popular SaltStack infrastructure automation software to infect cloud servers. Several organizations and open-source projects had to...

What is Cloud Workload Protection?

Cloud Workload Protection is the protection and overall security of workloads running in the cloud in any type of computing environment. As...

Pre-runtime vulnerability scans or runtime protection: Which is better for your IaaS security?

Under Armour’s famous slogan sums up the mission perfectly: We Must Protect this House. As adoption of cloud services continues, security teams...

TTPs matrix for Linux cloud servers

Checklist for protecting your Linux cloud servers against cyber attacks Taking inspiration from the MITRE ATT&CK® framework, we have developed a matrix categorizing...

< 1

Maintain compliance while transitioning to the cloud

Conducting business in a cloud environment presents unique security challenges, including achieving and maintaining compliance with regulations that were designed with traditional...

Introducing runtime Cloud Workload Protection Platform (CWPP) Intezer Protect

Unveiling our Cloud Workload Protection Platform (CWPP) which defends your cloud servers in runtime against the leading cause of cyber attacks: unauthorized and malicious...

Intezer Protect: How it Works

Intezer Protect is our NEW runtime Cloud Workload Protection Platform (CWPP). Powered by Malware Analysis technology, this solution continuously monitors the code running...

A Straw-by-Straw Analysis: The Zero-Trust Approach for your Alert Haystack

This blog post serves as a preview to an Infosecurity Europe tech talk that will be presented on Wednesday, June 5, 2019....

Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud

Pacha Group is a crypto-mining threat actor we at Intezer discovered and profiled in a blog post published on February 28, 2019....

< 1

War on the Cloud: Cybercriminals Competing for Cryptocurrency Mining Foothold

The Pacha Group is a threat actor discovered by Intezer and profiled in a blog post published on February 28, 2019. Dating back...

Used by

Used for

Capabilities

Security for