Introducing Layered Analysis for Enhanced Container Security
Sysdig
by Fede Barcelona
3d ago
Containerized applications deliver exceptional speed and flexibility, but they also bring complex security challenges, particularly in managing and mitigating vulnerabilities within container images. To tackle these issues, we are excited to introduce Layered Analysis — an important enhancement that provides precise and actionable security insights. What’s New: Layered Analysis Capabilities Layered Analysis enhances our container security toolkit by offering a granular view of container images, breaking them down into their composing layers. This capability enables more accurate identification ..read more
Sysdig Threat Research Team – Black Hat 2024
Sysdig
by Stefano Chierici
3d ago
The Sysdig Threat Research Team (TRT) is on a mission to help secure innovation at cloud speeds. A group of some of the industry’s most elite threat researchers, the Sysdig TRT discovers and educates on the latest cloud-native security threats, vulnerabilities, and attack patterns. We are fiercely passionate about security and committed to the cause. Stay up to date here on the latest insights, trends to monitor, and crucial best practices for securing your cloud-native environments. Below, we will detail the latest research and how we have improved the security ecosystem. And if you wan ..read more
CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools
Sysdig
by Miguel Hernández
2w ago
The Sysdig Threat Research Team (TRT) continued observation of the SSH-Snake threat actor we first identified in February 2024. New discoveries showed that the threat actor behind the initial attack expanded its operations greatly, justifying an identifier to further track and report on the actor and campaigns: CRYSTALRAY. This actor previously leveraged the SSH-Snake open source software (OSS) penetration testing tool during a campaign exploiting Confluence vulnerabilities. The team’s latest observations show that CRYSTALRAY’s operations have scaled 10x to over 1,500 victims and now inc ..read more
CVE-2024-6387 – Shields Up Against RegreSSHion
Sysdig
by ashish chakrabortty
3w ago
On July 1st, the Qualys security team announced CVE-2024-6387, a remotely exploitable vulnerability in the OpenSSH server. This critical vulnerability is nicknamed “regreSSHion” because the root cause is an accidental removal of code that fixed a much earlier vulnerability, CVE-2006-5051, back in 2006. The race condition affects the default configuration of sshd (the daemon program for SSH). OpenSSH versions older than 4.4p1 (unless patched for the previous CVE-2006-5051 and CVE-2008-4109) and versions between 8.5p1 and 9.8p1 are impacted. The general guidance is to update the versions. Ubuntu ..read more
5 +1 MEPs to Watch as the New European Parliament Settles in
Sysdig
by Rayna Stamboliyska
3w ago
May you live in interesting times, the saying goes. And that we do. The EU elections are over, and the winners are in: scores of liberals and Greens are out, while the conservatives have grown in numbers. While we lament the rise of far-right parties across the Union entering the Parliament, Member State leaders discuss the “EU top jobs” and the composition of the new class of Commissioners. As of July 1, the EU’s enfant terrible Viktor Orbán is set to take up the rotating presidency of the EU; the Presidency will set strategic directions for the coming months while the new Parliament is set u ..read more
Sysdig Customer Care Chronicles – Security Is A Team Sport
Sysdig
by Mazen Lawand
3w ago
For the Sysdig Customer Success team, our mission is simple: ensuring that our customers get the most value from our product. Usually that means helping them use the product, answering questions, and requesting feature enhancements. In our line of work, sometimes you have to throw out the usual playbook to make things happen. This particular story started when we noticed a change in a customer’s agent usage. The customer in question was a company operating in the financial industry, and their primary use of our product was in Posture Management, Vulnerability Management, and Threat Detec ..read more
Want Your Third Parties To Take Security Seriously?
Sysdig
by Crystal Morin
3w ago
In the last decade, outsourcing to third parties–especially in the gig economy–has taken over key functions that enterprises used to handle internally. Today’s companies are frequently virtual–using third-party services that span the likes of application development, back-office corporate functions, contract manufacturing and research, marketing, and core IT services. Few enterprises these days have a complete list of every downstream third-party provider that the company relies upon to support its business operations. Each of these relationships introduces potentially material risk to the comp ..read more
NIST CSF 2.0 – SDLC for Continuous Improvement of Security
Sysdig
by Sysdig Team
1M ago
This is an analysis of the impacts and implications on cybersecurity practices, benefits, challenges, and how to deal with the transition to the new NIST CSF 2.0 framework. NIST released an update to its Cyber Security Framework (CSF) in February 2024. Two of the most obvious takeaways from this version are the addition of a new pillar and the expansion of its application beyond critical infrastructure. There is another update in this version which is what we will focus on, and that is the importance of continuous improvement and feedback. The expansion to cover all industries is a ..read more
Meeting the 555 Benchmark
Sysdig
by Crystal Morin
1M ago
How long does it take your security teams to detect a potential threat, correlate relevant data, and initiate a response action? The 555 Benchmark for Cloud Detection and Response challenges organizations to detect a threat within 5 seconds, correlate data within 5 minutes, and initiate a response within 5 minutes. It is not just something you can implement or use to solve your cloud security struggles. It is about testing and improving your cloud security operations and processes. 555 is a framework by which you can shift your organization’s security mindset because you have 10 minutes or les ..read more
How to Cut Cloud Investigations to 5 Minutes with Sysdig
Sysdig
by ashish chakrabortty
1M ago
Cloud breaches continue to rise unabated as organizations adopt hybrid cloud strategies. Many organizations have tried to simply extend their preexisting on-premises security into the cloud, but the cloud is a fundamentally different environment for security. It’s faster, more complex, and more dynamic, with an ever-increasing attack surface. Striking first means adversaries have a head start by default, leaving organizations only a fraction of time to investigate and initiate a response. With all this in mind, it’s no surprise that according to Forrester research, “cloud detection ..read more