Threat Research Archives

Detecting CVE-2022-0185 Container escapes

CVE-2022-0185: Detecting and mitigating Linux Kernel vulnerability causing container escape

This week, Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel. The vulnerability has been issued…

January 21, 2022 by Jason Avery

Vulnerable AWS Lambda function – Initial access in cloud attacks

Our security research team will explain a real attack scenario from the black box and white box perspective on how…

January 18, 2022 by Stefano Chierici

Colors.js and faker.js were malicious modified affecting thousands

Malicious modifications to open source projects affecting thousands – Sysdig Secure

In the early days of 2022, two extremely popular JavaScript open source packages, colors.js, and faker.js, were modified to the…

January 12, 2022 by Alberto Pellitteri

Blocking log4j with Response Actions – Sysdig Secure

The situation involving the log4j ( log4shell ) vulnerability has been rapidly evolving since its release a little over a…

December 21, 2021 by Michael Clark

Exploiting, Mitigating, and Detecting CVE-2021-44228: Log4j Remote Code Execution (RCE)

A new critical vulnerability has been found in log4j, a widely-used open-source utility used to generate logs inside java applications….

December 15, 2021 by Stefano Chierici

Mitigating log4j with Runtime-based Kubernetes Network Policies

A critical vulnerability, CVE-2021-44228 known as “log4shell,” in Apache’s log4j was revealed on December 10th, 2021, and has already seen…

December 13, 2021 by Michael Clark

Critical vulnerability in log4j, a widely used logging library

Security researchers recently disclosed the vulnerability CVE-2021-44228 in Apache’s log4j, which is a common Java-based library used for logging purposes….

December 10, 2021 by Michael Clark

Threat news: TeamTNT stealing credentials using EC2 Instance Metadata

The Sysdig Threat Research Team has detected an attack that can be attributed to the TeamTNT. The initial target was…

December 7, 2021 by Alberto Pellitteri

Hands-On Muhstik Botnet: crypto-mining attacks targeting Kubernetes

Malware is continuously mutating, targeting new services and platforms. The Sysdig Security Research team has identified the famous Muhstik Botnet…

November 16, 2021 by Stefano Chierici

Malware analysis: Hands-On Shellbot malware

Malware analysis is a fundamental factor in the improvement of the incident detection and resolution systems of any company. The…

November 2, 2021 by Alberto Pellitteri

Threat news: Tsunami malware mutated. Now targeting Jenkins and Weblogic services

The Tsunami malware is back! Although it appeared for the first time several years ago, the Sysdig Research Team has…

October 26, 2021 by Alberto Pellitteri

How to mitigate kubelet’s CVE-2021-25741: Symlink exchange can allow host filesystem access

CVE-2021-25741 is a new vulnerability discovered in Kubernetes that allows users to create a container with subpath volume mounts to…

September 24, 2021 by Alberto Pellitteri

<img alt="" class="h-8 md:h-10 lg:h-12 mb-0 mr-2 lg:mr-3" src="https://sysdig.com/wp-content/uploads/icon-forensics.svg">Threat Research

Topics

Threat Research