HackDig : Dig high-quality web security articles for hackers

THREAT ALERT: Crypto miner attack involving RinBot’s server, a popular Discord bot

The Sysdig Security Research team has identified crypto mining activities coming from the server hosting the popular RinBot Discord bot. Discord is a free app for mobile and computers that lets people chat via text, voice, or video in real time. With more than 100 million active users during 2020, Discord is extremely popular among young people and gamer
Publish At:2021-01-27 19:25 | Read:105 | Comments:0 | Tags:Uncategorized Detection falco Kubernetes Sysdig Monitor Sysd

Falco vs. AuditD from the HIDS perspective

In this blog, we will compare and contrast Falco vs. AuditD from a Host Intrusion Detection (HIDS) perspective. AuditD is a native feature of the Linux kernel that collects certain types of system activity to support incident investigation. Falco is the CNCF open-source project for runtime threat detection for containers and Kubernetes. We wi
Publish At:2021-01-19 12:37 | Read:163 | Comments:0 | Tags:Falco AuditD Detection falco

Detect CVE-2020-8554 using Falco

CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic
Publish At:2020-12-23 13:13 | Read:179 | Comments:0 | Tags:Falco Uncategorized

Preventing malicious use of Weave Scope

Intezer and Microsoft reported on Sept. 9 that TeamTNT hackers are deploying Weave Scope in compromised systems as an auxiliary tool in their intrusions. Weave Scope is a legitimate and powerful tool to manage server infrastructure that, once deployed, makes it easy to control all resources. In this article, we will describe how this tool can be used mali
Publish At:2020-12-10 13:13 | Read:184 | Comments:0 | Tags:Docker Falco Kubernetes Sysdig Secure falco Image scanning

Zoom into Kinsing

The Kinsing attack has recently been reported by security researchers, and it is well known for targeting misconfigured cloud native environments. It is also known for its comprehensive attack patterns, as well as defense evasion schemes. A misconfigured host or cluster could be exploited to run any container desired by the attacker. That would cause outa
Publish At:2020-11-23 15:37 | Read:308 | Comments:0 | Tags:Falco Sysdig Secure Kinsing Kubernetes

SOC 2 compliance for containers and Kubernetes security

This article contains useful tips to implement SOC 2 compliance for containers and Kubernetes. The Service Organization Controls (SOC) reports are the primary way that service organizations provide evidence of how effective their controls are for finance (SOC 1) or securing customer data (SOC 2, SOC 3). These reports are issued by the American Institu
Publish At:2020-10-27 12:18 | Read:343 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure compliance falco Image scanni

Understanding and mitigating CVE-2020-8566: Ceph cluster admin credentials leaks in kube-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8566) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8566 if you created a Kubernetes cluster using a Ceph cluster as a storage class, with the logging level set to four or above in kube-controller-manager. In that case, your ceph user c
Publish At:2020-10-26 20:42 | Read:493 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure control plane falco

NIST 800-53 compliance for containers and Kubernetes

In this blog, we will cover the various requirements you need to meet to achieve NIST 800-53 compliance, as well as how Sysdig Secure can help you continuously validate NIST 800-53 requirements for containers and Kubernetes. What is NIST 800-53 compliance? The National Institute of Standards and Technology (NIST) is a non-regulatory government agency
Publish At:2020-10-20 12:36 | Read:281 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure CloudTrail compliance falco N

Understanding and mitigating CVE-2020-8563: vSphere credentials leak in the cloud-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8563) in Kubernetes that may cause sensitive data leakage. When creating a k8s cluster over vSphere, and enabling vSphere as a cloud provider with logging level set to 4 or above, the vSphere user credentials will be included in the cloud-controller-manager's log
Publish At:2020-10-16 11:06 | Read:527 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure cve falco VSphere Cloud

Detecting and Mitigating Potential Container Escapes via CVE-2020-14386

On September 14, CVE-2020-14386 was reported as a “high” severity threat. This CVE is a kernel security vulnerability that enables an unprivileged local process to gain root access to the system. CVE-2020-14386 is a result of a bug found in the packet socket facility in the Linux kernel. It allows a bad actor to trigger a memory corruption that can be
Publish At:2020-09-16 20:49 | Read:561 | Comments:0 | Tags:Falco Google Cloud Kubernetes Sysdig Sysdig Secure Uncategor

A security journey to open source

After more than 10 years researching security issues, I wrote a book about it! I have been working in the security industry for more than 10 years. Before I joined Sysdig, I worked at several companies, focusing on database security, data security to Docker, and Kubernetes security. While I have enjoyed all of my positions, Sysdig is where I w
Publish At:2020-09-02 12:48 | Read:565 | Comments:0 | Tags:Falco Kubernetes falco security

Detect CVE-2020-8557 using Falco

A new vulnerability, CVE-2020-8557, has been detected in kubelet. It can be exploited by writing into /etc/hosts to cause a denial of service. The source of the issue is that the /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager, so it’s not taken into account when calculating ephemeral storage usage by
Publish At:2020-07-16 07:41 | Read:647 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure falco

File Integrity Monitoring: Detecting suspicious file activity inside a container

In this blog, we will explore suspicious file activity inside a container and see how to effectively implement a file integrity monitoring (FIM) workflow. We’ll also cover how Sysdig Secure can help you implement FIM for both containers and Linux hosts. What is file integrity monitoring (FIM)? File integrity monitoring gives you visibility into
Publish At:2020-06-30 13:20 | Read:620 | Comments:0 | Tags:Falco Sysdig Secure compliance falco Image scanning

Improving the Prometheus exporter for Amazon CloudWatch

A Prometheus CloudWatch exporter is a key element for anyone wanting to monitor AWS CloudWatch. Exporting CloudWatch metrics to a Prometheus server allows you to leverage the power of PromQL queries, integrate AWS metrics with those from other applications or cloud providers, and create advanced dashboards for digging down into problems. But, who wa
Publish At:2020-05-24 09:25 | Read:799 | Comments:0 | Tags:AWS Falco falco Monitoring PromCat Prometheus Sysdig Monitor

Falco Support on AWS Fargate

Today we’re very excited to announce a partnership with Amazon to support Fargate in Sysdig’s product line. We are also announcing that Falco, the world’s most popular runtime security tool for containers, will soon be able to work on Fargate. This is an important milestone. For the first time, Fargate users will enjoy the benefit of deep instrumentation.
Publish At:2020-04-08 18:40 | Read:1211 | Comments:0 | Tags:AWS Falco falco