Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

Osquery and JA3: Detecting Malicious Encrypted Connections Locally

Network traffic encryption is increasing. This increase is driven by demand for privacy protection and the availability of great services for deploying certificates for free. According to Google’s Transparency Report, 88% of web traffic performed on Chrome for Windows is encrypted, and that number is higher for macOS, Android, and ChromeOS. The encryption trend is even clearer when you look at the percentage of HTTPS browsing time in the Transparency Report. At the same time, malware is also following this trend, as the increased security allows attackers to evade some detection mechanisms.

Harnessing the AWS Nitro Architecture to Encrypt Inter-Node Traffic in Kubernetes

Kubernetes nodes – the machines responsible for running your container workloads – can come in a number of shapes, sizes, and configurations. One common deployment pattern, however, is a lack of in-transit encryption between them.

Another common deployment pattern? Lack of TLS support on the container workloads themselves. After all, who wants to set up and manage a PKI (Public-Key Infrastructure) and a private CA (Certificate Authority) for tens or hundreds of microservices, and get the certificates to be trusted by all workloads? I don’t know about you, but that doesn’t sound like a lot of fun to me.

SOC 2 Compliance Requirements: Essential Knowledge For Security Audits

For many security-conscious businesses looking for a SaaS provider, SOC 2 compliance is a minimal requirement. Unfortunately, many providers aren't sure how to implement SOC 2 compliance requirements, as they are inherently vague.

macOS Bundlore: Is New Code Being Tested in Old Adware?

macOS Bundlore is one of the most popular macOS adware installers. It either comes bundled with pirated applications or arrives from the web, prompting users to install or update Flash. Though the majority of browsers now have limited support for Flash, it is still a favorite mechanism for infecting systems.

Detecting Docker Container Malware using osquery

Recently we have been seeing an increasing amount of Docker container malware. Attackers scan the internet for misconfigured Docker Engine API installations, then use them to pull malicious images or run commands that install malware. Access to the Docker Engine API gives an attacker fine-grained control over the Docker installation, enabling them to create, delete, dump, and run commands in containers, although the majority of the malware seen to date either consumes system resources for cryptomining or launches denial-of-service attacks. In general, a container is an encapsulated environment for running an application, so it can be used for any activity from proxies to botnet services and can easily become part of attacker infrastructure for distributing malware.

8 Docker Security Best Practices To Optimize Your Container System

Docker is a software platform that makes it easier to create, deploy, and run applications. It was built so environments would be easy to replicate, giving teams a quick and easy way of deploying programs and updates.