Kubernetes 1.30 is on the horizon, and it’s packed with fresh and exciting features! So, what’s new in this upcoming release? Kubernetes 1.30 brings a plethora of enhancements, including a blend of 58 new and improved features. From these, several are graduating to stable, including the highly anticipated Container Resource Based Pod Autoscaling, which refines the capabilities of the Horizontal Pod Autoscaler by focusing on individual container metrics. New alpha features are also making their debut, promising to revolutionize how resources are managed and allocated within clusters. Watch out ..read more

The recent discovery of a backdoor in XZ Utils (CVE-2024-3094), a data compression utility used by a wide array of various open-source, Linux-based computer applications, underscores the importance of open-source software security. While it is often not consumer-facing, open-source software is a critical component of computing and internet functions, such as secure communications between machines. Open source software (abbreviated as OSS) has become a cornerstone of the tech industry, influencing everything from small startups to global corporations. Despite its ubiquitous presence and foundat ..read more

This is part two in our series on building honeypots with Falco, vcluster, and other assorted open source tools. For the previous installment, see Building honeypots with vcluster and Falco: Episode I. When Last We Left our Heroes In the previous article, we discussed high-interaction honeypots and used vcluster to build an intentionally-vulnerable SSH server inside of its own cluster so it couldn’t hurt anything else in the environment when it got owned. Then, we installed Falco on the host and proceeded to attack the SSH server, watching the Falco logs to see the appropriate rule trigger whe ..read more

The Sysdig Threat Research Team (Sysdig TRT) recently discovered a long-running botnet operated by a Romanian threat actor group, which we are calling RUBYCARP. Evidence suggests that this threat actor has been active for at least 10 years. Its primary method of operation leverages a botnet deployed using a variety of public exploits and brute force attacks. This group communicates via public and private IRC networks, develops cyber weapons and targeting data, and uses its botnet for financial gain via cryptomining and phishing. This report explores how RUBYCARP operates and its motivations.&n ..read more

On March 29th, 2024, a backdoor in a popular package called XZ Utils was announced on the Openwall mailing list. This utility includes a library called liblzma which is used by SSHD, a critical part of the Internet infrastructure used for remote access. When loaded, the CVE-2024-3094 affects the authentication of SSHD potentially allowing intruders access regardless of the method. Affected versions: 5.6.0, 5.6.1 Affected Distributions: Fedora 41, Fedora Rawhide *At the time of this writing Background A malicious threat actor was able to commit code to the XZ Utils Github repository on February ..read more

The SEC cybersecurity disclosure rules have put a spotlight on the issue of cybersecurity within organizations. The core of the rules and related guidance can be found in the article “Assess Your Readiness Now for the SEC Cybersecurity Disclosure Rules.“ The SEC cybersecurity disclosure rules should help build momentum around the importance of governance and risk management, relevant expertise, and timely incident disclosure that are fundamental to cybersecurity programs. The disclosure rules won’t address all the inherent challenges of cybersecurity. But it’s worth further examination into th ..read more

The SEC’s new ‘Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure’ rule (issued on July 26, 2023) has public companies, notably smaller companies, worrying about having enough cybersecurity expertise to run a security program consistent with SEC requirements. It’s important to remember that the SEC is expanding upon previously conveyed expectations that investors should be timely-informed of material risks and how the organization is mitigating these identified risks. To that aim, companies need to follow basic security best practices and maintain effective cybersecur ..read more

Back in August 2023, Checkmarx and Sysdig announced a new partnership. This collaboration enables customers of both Checkmarx and Sysdig to leverage the comprehensive visibility offered by Sysdig Runtime Insights to get even more value from the Checkmarx One application security platform. Nowadays, an increasing number of companies are eager to integrate runtime intelligence into their security tools. This innovative approach yields numerous benefits, such as noise reduction, and provides developers and security teams with the necessary context to focus and address the most critical issues fir ..read more

In an era where cloud attacks and threats are happening very fast and constantly evolving, the European Union (EU) has stepped up its cybersecurity game with two new regulations: the Digital Operational Resilience Act (DORA) and the revised Directive on Security of Network and Information Systems (NIS2). With more strict requirements on compliance controls and breach disclosures, these regulations are set to transform how businesses manage their cyber risks in Europe. If you’re feeling overwhelmed by these changes, you’re not alone. That’s where Sysdig comes in. As the first CNAPP to offer out ..read more

It is impressive how explosively the cloud security market has embraced detection and response in recent months. The industry, including both users and vendors, is rapidly acknowledging the complexity of modern cloud attacks. Facilitated by automation and APIs, attacks cannot be effectively countered with traditional solutions that lack context of cloud environments or focus solely on posture. Sysdig has been aware of this for quite some time. Sysdig began our journey, having created Falco, the open source standard for cloud-native threat detection and response. More recently, our Threat Resea ..read more