Google Cloud Run is a serverless compute platform that automatically scales your stateless containers. In this post we are going to showcase how to secure the entire lifecycle of your Cloud Run services. Sysdig provides a secure DevOps workflow for Cloud Run Platforms that embeds security, maximizes availability and validates compliance across the ser

Instagram is without doubts a leading social network of nowadays. Millions of people from all over the world are browsing trough its news feed daily, posting moments from their life, following other users, celebrities and stuff what interest them. With a huge rise of Instagram’s popularity, with hundreds of thousands daily active users, it’s a common thing t

Many Twitter users across the world got themselves in situation of losing their account password at least once in their lifetime. This problem may occur due to many reasons. One can simply forget or save their password somewhere safe, and after some time you can’t remember it. Some Twitter accounts are also getting hacked and lost forever. In most situation

This tutorial is written in goal to help users of TikTok social network who lost their account due to hacking or by forgetting their password. Yes, lost accounts can easily be recovered using “password reset” feature located at login page of almost every website. But the problem for many users is that they even lose password of their email account used when

Phishing for baits: How to get all the treats and none of the tricks. October 27th, 2019 No Comments Uncategorized Halloween is around the corner, and you know what that means – scary customs, scary movies, scary decorations, and, unfortunately, sc

I’m in Luxembourg for a full week of infosec events. It started today with the MISP summit. It was already the fifth edition and, based on the number of attendees, the tool is getting more and more popularity. The event started with a recap of what happened since the last edition. It was a pretty busy year with many improvements, add-ons. More and mor

First, congratulations to Datadog for building a strong business and its IPO today!Datadog’s rapid growth illustrates a couple of key industry themes: First, growth in cloud applications continues at an unprecedented rate, and second, cloud applications require enterprises to rethink existing tools for visibility. Most significantly, the fact that Datadog ha

Combining both n-grams and random forest models to detect malicious activity. Author: Haroen Bashir An essential part of Managed Detection and Response at Fox-IT is the Security Operations Center. This is our frontline for detecting and analyzing possible threats. Our Security Operations Center brings together the best in human and machine analysis and we c

During penetration tests, our primary goal is to identify the difference in paths that can be used to obtain the goal(s) as agreed upon with our customers. This often succeeds due to insufficient hardening, lack of awareness or poor password hygiene. Sometimes we do get access to a resource, but do not have access to the username or password of the user that

Written and researched by Mark Bregman and Rindert Kramer Sending signed phishing emails Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario which looks

How an anomalous space led to fingerprinting Summary On the 2nd of January 2019 Cobalt Strike version 3.13 was released, which contained a fix for an “extraneous space”. This uncommon whitespace in its server responses represents one of the characteristics Fox-IT has been leveraging to identify Cobalt Strike Servers, with high confidence, for the

Writing YARA rules based on executable code within malware can be a tedious task. An analyst cannot simply copy and paste raw executable code into a YARA rule, because this code contains variable values, such as memory addresses and offsets. The analyst has to disassemble the code and wildcard all the pieces in the code that can change between samples. mkYAR

If you are a desktop user, you probably think that using a service such as Avira or Avast is enough to safeguard your information from attacks. You are so far from being genuinely safe with this type of software that is almost sweet to believe that these tools can adequately protect your personal data. The internet is still a scary place for many people and

An international anti-cyberattack company called Group-IB has issued a report which investigates JavaScript Sniffers at length. In case you’re wondering, JavaScript sniffers are a special kind of malware that’s very efficient at stealing customer payment data directly from online stores. Currently, JS-sniffers can be found in over 2,440 e-commerce stores, wh

They say that hacking is one of the most frowned upon processes to take part in, and while that may be true, there are plenty of people out there hacking for the “greater good”. All of the information that you’ll be reading through within this article is to be used for personal use only – this is merely a way to go about retrieving an account that you&