Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation
Vulnerabilities like Log4Shell (CVE-2021-44228) are difficult to contain using traditional mitigation options and they can be hard to patch. It can be hard to...
Implement these MITRE D3FEND™ Techniques with Intezer Protect
The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...
Conducting Digital Forensics Incident Response (DFIR) on an Infected GitLab Server
GitLab servers are under attack with a now-patched critical vulnerability Earlier this week we investigated an incident that occurred on a new...
Exposed Prefect Workflows Could Lead to Disruptive Attacks
Workflow management platforms are powerful tools for automating and managing complex tasks. Integrating workflow platforms can help companies coordinate and ease their...
7 Factors to Consider When Choosing a Cloud Workload Protection Platform (CWPP)
Cloud Workload Protection Platforms (CWPPs) are a new generation of modern, scalable security solutions designed to protect applications in today’s landscape of...
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
This research refers to misconfigured Apache Airflow managed by individuals or organizations (“users”). As a result of the misconfiguration, the credentials of...
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
Key Findings Discovered Linux & Windows re-implementation of Cobalt Strike Beacon written from scratch Linux malware is fully undetected by vendors Has...
What is a Cloud Workload Protection Platform (CWPP)? And Why Do You Need It?
The cloud has completely transformed the IT landscape over the last few years. And it’s now entering a new era of hybrid-cloud...
New Attacks on Kubernetes via Misconfigured Argo Workflows
Key Points Intezer has detected a new attack vector against Kubernetes (K8s) clusters via misconfigured Argo Workflows instances. Attackers are already taking advantage of this...
Genetic Analysis and Lessons Learned from REvil Attack
Validating your Software Supply Chain for Tampering SolarWinds, Codecov and now Kaseya are the latest supply chain attacks we know about. In...
Top 10 Linux Server Hardening and Security Best Practices
If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...
9 Tools to Use Right Now to Improve Azure Platform Security
Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...
CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data
In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in...
Announcing Configuration Checks and Vulnerability Management
We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only...
2020 Set a Record for New Linux Malware Families
Intezer’s 2021 X-Force Threat Intel Index Highlights It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence...
8 Reasons to Try Intezer Protect for Cloud Workload Protection
With strong Linux threat detection, low overhead and no slowdown in performance, Intezer Protect is built to overcome some of the challenges...