Book a Demo

Tag: Cloud Security

Make your First Malware Honeypot in Under 20 Minutes

For a free honeypot, you can use one of the several open-source options listed below. A “honeypot” is a metaphor that references using honey as bait for a lure or trap. Honeypots have served many purposes in history, including recruiting spies and catching criminals in real life. Honeypots have also long made their way into […]

Misconfigured Airflows Leak Thousands of Credentials from Popular Services

This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of users are exposed, including their own credentials to the different platforms, applications and services mentioned in this article. This article doesn’t refer to exposed credentials of the entities behind the development of the […]

Guide to Digital Forensics Incident Response in the Cloud

Enterprises today rely on a wide range of cloud services—infrastructure as a service (IaaS), platform as a service (PaaS), software as a service (SaaS), and more—to meet their business needs. But the growing popularity of cloud has also led to an increase in attacks on cloud infrastructure, and thus the need for companies to develop strong […]

New Attacks on Kubernetes via Misconfigured Argo Workflows

Key Points Overview Kubernetes (K8s) is revolutionizing the cloud computing environment, having become the most popular platform for container orchestration. It is also one of the most popular repositories on GitHub, with over 100,000 commits and over 3,000 contributors. Each year there is a steady increase in enterprises using Kubernetes and the number of clusters they deploy. […]

Why Relying on the Cloud Provider for Security is Not Enough

73% of organizations using the cloud are not sure which parts of security fall under their responsibility. Ultimately, the customer is responsible for security in the cloud, meaning protecting the workloads (applications and code) hosted on top of the virtual resources created in the cloud provider’s platform. Whereas the cloud provider is responsible for the security of the […]

HabitsRAT Used to Target Linux and Windows Servers

We have discovered a new malware written in Go, which we are calling HabitsRAT, targeting both Windows and Linux machines. The Windows version of the malware was first reported on by Brian Krebs and The Shadowserver Foundation in attacks against Microsoft Exchange servers. In addition to this version, we have identified a newer Windows variant and a variant […]

How to Secure Cloud Non-Native Workloads

Not All Applications are Cloud-Native Companies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional applications are simply “lifted and shifted” to the cloud as a first step in the cloud transformation journey. Such deployments often use monolithic architectures, where all of the application components are packed in […]

Royal Flush: Privilege Escalation Vulnerability in Azure Functions

One of the most common benefits of transitioning to cloud services is the shared responsibility for securing your assets. But cloud providers are not immune to security mistakes such as a vulnerability or misconfiguration. This is the second escalation of privileges (EoP) vulnerability we have found in Azure Functions in the last few months. We worked […]

Rocke Group Actively Targeting the Cloud: Wants Your SSH Keys

New Malware Variant Exploits Production Environment Rocke Group is a Chinese-based threat actor most known for running cryptojacking malware on Linux machines. The group has been active since 2018 and continues to evolve by modifying its tools and techniques to stay evasive. In 2019, we reported that Rocke Group was competing with Pacha Group for cryptomining positioning on Linux-based […]