Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation
Vulnerabilities like Log4Shell (CVE-2021-44228) are difficult to contain using traditional mitigation options and they can be hard to patch. It can be hard to...
Implement these MITRE D3FEND™ Techniques with Intezer Protect
The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...
Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server
GitLab servers are under attack with a now-patched critical vulnerability Earlier this week we investigated an incident that occurred on a new...
Exposed Prefect Workflows Could Lead to Disruptive Attacks
Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...
7 Factors to Consider When Choosing a Cloud Workload Protection Platform (CWPP)
Cloud Workload Protection Platforms (CWPPs) are a new generation of modern, scalable security solutions designed to protect applications in today’s landscape of...
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...
Essential Security Tools for GCP
Cloud security constructs are always aligned with the concept of shared responsibility. GCP emulates this principle with its own shared responsibility model,...
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
Key Findings Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratchLinux malware is fully undetected by vendorsHas IoC and...
What is a Cloud Workload Protection Platform (CWPP)? And Why Do You Need It?
The cloud has completely transformed the IT landscape over the last few years. And it’s now entering a new era of hybrid-cloud...
New Attacks on Kubernetes via Misconfigured Argo Workflows
Key Points Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...
Genetic Analysis and Lessons Learned from REvil Attack
Validating your Software Supply Chain for Tampering SolarWinds, Codecov and now Kaseya are the latest supply chain attacks we know about. In...
Top 10 Linux Server Hardening and Security Best Practices
If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...
Reduce the Attack Surface with These Unique Runtime Features
Prioritize immediate risks in your cloud production environment Recently added Intezer Protect features for reducing the likelihood of an attack have a unique...
9 Tools to Use Right Now to Improve Azure Platform Security
Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...
CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data
In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in...
Announcing Configuration Checks and Vulnerability Management
We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only...
2020 Set a Record for New Linux Malware Families
Intezer’s 2021 X-Force Threat Intel Index Highlights It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence...
8 Reasons to Try Intezer Protect Community Edition
Last week we launched the community edition of Intezer Protect. With strong Linux threat detection, low overhead and no slowdown in performance, Intezer Protect is...
Intezer Protect Community Edition Now Available
Free runtime protection for your cloud workloads Get Started Today we go live with the Intezer Protect community edition. After a few months...
Community Beta Announcement
Update: Intezer Protect community edition is out of Beta and now available to everyone. Get Started Today we go live with the...