Threat Detection Archives - Intezer

How to Write YARA Rules That Minimize False Positives

Generate Advanced YARA Rules Based on Code Reuse. Incorporating YARA into daily security operations can accelerate incident response time, classify malware, empower...

SOC Level Up: Introduction to Sigma Rules

Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used...

Scale Incident Response with Detection Engineering: Intezer Detect & Hunt

Adversaries are highly motivated, constantly expanding and improving their tools and techniques. On the other side of the fight, security teams are...

Boost Your SOC Skills: How to Detect Good Apps Gone Bad

Threat actors have a wide range of tools and techniques they can use in cyber attacks including: malware-as-a-service, open-source tools and malware...

Make your First Malware Honeypot in Under 20 Minutes

A “honeypot” is a metaphor that references using honey as bait for a lure or trap. Honeypots have served many purposes in...

Detection Rules for Sysjoker (and How to Make Them With Osquery)

On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...

Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation

Vulnerabilities like Log4Shell (CVE-2021-44228) are difficult to contain using traditional mitigation options and they can be hard to patch. It can be hard to...

Implement these MITRE D3FEND™ Techniques with Intezer Protect

The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...

Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server

GitLab servers are under attack with a now-patched critical vulnerability. Earlier this week we investigated an incident that occurred on a new...

7 Factors to Consider When Choosing a Cloud Workload Protection Platform (CWPP)

Cloud Workload Protection Platforms (CWPPs) are a new generation of modern, scalable security solutions designed to protect applications in today’s landscape of...

Essential Security Tools for GCP

Cloud security constructs are always aligned with the concept of shared responsibility. GCP emulates this principle with its own shared responsibility model,...

Guide to Digital Forensics Incident Response in the Cloud

Enterprises today rely on a wide range of cloud services—infrastructure as a service (IaaS), platform as a service (PaaS), software as a...

New Attacks on Kubernetes via Misconfigured Argo Workflows

Key Points: Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...

Top 10 Linux Server Hardening and Security Best Practices

If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...

Reduce the Attack Surface with These Unique Runtime Features

Prioritize immediate risks in your cloud production environment. Recently added Intezer Protect features for reducing the likelihood of an attack have a unique...

Why Relying on the Cloud Provider for Security is Not Enough

73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for...

9 Tools to Use Right Now to Improve Azure Platform Security

Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...

7 Most Important AWS Security Tools

Like all leading cloud service providers, AWS follows a shared responsibility model for security and compliance. While platform-level security is owned and managed...

HabitsRAT Used to Target Linux and Windows Servers

We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of...

How to Secure Cloud Non-Native Workloads

Not All Applications are Cloud-Native. Companies are adopting cloud at a faster pace, but not all applications are born cloud-native. Many traditional...

Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys

New Malware Variant Exploits Production Environment. Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The...

Cloud Security Fundamentals: Servers to Containers & Everything In-Between

With Linux being the operating system for 96% of the cloud, the landscape has changed beyond endpoint detection. Intezer Protect is built...

Top 10 Cloud Malware Threats

They all target Linux systems. For a long time Linux has not been seen as a serious target of threat actors. This...

Kaiji Goes Through Update but Code Reuse Detects It

Kaiji is a Linux malware that targets cloud servers. Last week we detected a new Kaiji variant. It was undetected by all...

© Intezer.com 2022 All rights reserved