In March 2024, the Sysdig Threat Research Team (TRT) began observing attacks against one of our Hadoop honeypot services from the domain “rebirthltd[.]com.” Upon investigation, we discovered that the domain …
Author: Sysdig
The Sysdig Threat Research Team (TRT) recently observed a new attack that leveraged stolen cloud credentials in order to target ten cloud-hosted large language model (LLM) services, known as LLMjacking. …
The Sysdig Threat Research Team (TRT) is on a mission to help secure innovation at cloud speeds.
A group of some of the industry’s most elite threat researchers, the Sysdig …
This is part two in our series on building honeypots with Falco, vcluster, and other assorted open source tools. For the previous installment, see Building honeypots with vcluster and Falco: …
The Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we are calling RUBYCARP. Evidence suggests that this threat actor …
The Sysdig Threat Research Team (TRT) discovered a malicious campaign using the blockchain-based Meson service to reap rewards ahead of the crypto token unlock happening around March 15th. Within minutes, …
The Sysdig Threat Research Team (TRT) discovered the malicious use of a new network mapping tool called SSH-Snake that was released on 4 January 2024. SSH-Snake is a self-modifying worm …
This is the first article in a series focusing on syscall evasion as a means to work around detection by security tools and what we can do to combat such …
On January 31st 2024, Snyk announced the discovery of four vulnerabilities in Kubernetes and Docker.
CVE-2024-21626: CVSS – High, 8.6 CVE-2024-23651: CVSS – High, 8.7 CVE-2024-23652: CVSS – Critical,…Public cloud infrastructure is, by now, the default approach to both spinning up a new venture from scratch and rapidly scaling your business. From a security perspective, this is a …
The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of …
On Oct. 11, a new version of curl (8.4.0) was released where a couple of new vulnerabilities were fixed (CVE-2023-38545 with severity HIGH and CVE-2023-38546 with severity LOW). These issues …
Recently, Qualys discovered and reported a critical vulnerability affecting the popular GLIBC ecosystem, which is installed by default on most Linux-based operating systems. Specifically, a buffer overflow was found in …