Silver Sparrow macOS malware detection with Uptycs
Late last week cybersecurity company Red Canary published an article revealing a new strain of macOS malware they discovered. Looking at data provided by Malwarebytes, they determined that this new malware, which they dubbed “Silver Sparrow,” had already infected nearly 30,000 macOS endpoints around the world.
Recent trends in malicious document techniques, targets, and attacks
Research by Ashwin Vamshi and Abhijit Mohanta
The Uptycs threat research team is monitoring ongoing targeted attacks and trends. We’ve recently seen threat actors and APT groups frequently using two document-based techniques: template injection and the Equation Editor exploit. In this piece, we’ll cover these oft-used techniques and provide details on the APT groups applying them.
Tagged as: EDR, threat research
Get started using osquery for container security
The following is adapted from Ryan Mack’s talk “Containers and osquery,” presented at osquery@scale ‘21. Ryan’s full presentation is available at the end of this piece.
We need as much visibility as possible into everything going on in our containers to effectively detect security problems in container-based environments. We also need to apply the unique properties of containers to create high-fidelity detection rules.
Osquery can meet both of these needs.
Tagged as: osquery, containers
Use cloudquery and osquery to simplify your cloud monitoring
With the shift toward cloud computing, many organizations have at least some footprint in the cloud. Thus it becomes important to secure both your on-prem and cloud infrastructure.
Cloudquery, which runs as an extension of osquery, simplifies the visualization and monitoring of all your cloud resources. It creates a seamless integration of cloud telemetry with the rest of your osquery-powered telemetry.
Tagged as: osquery, cloud monitoring, cloud security, cloudquery
Sudo local privilege escalation (CVE-2021-3156) detection using osquery and Uptycs
Recently a heap-based buffer overflow vulnerability in the sudo utility was discovered by Qualys. Sudo is a command-line utility that allows a user to run commands in the context of other users, subject to proper authentication. The vulnerability lets any local user escalate privileges to root. Qualys has shared the technical details in their blog post, so in this post I’ll focus on how osquery and Uptycs can be used to detect exploitation attempts and unpatched systems.
Tagged as: threat hunting, vulnerability assessment, threat management, EDR
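As an added example (not Uptycs' code or the queries from the post above), the following Python triages sudo package rows of the kind osquery returns from `deb_packages` or `rpm_packages` against the upstream version ranges Qualys listed as affected by CVE-2021-3156, and classifies the output of Qualys' quick `sudoedit -s /` probe. The sample rows are constructed, the `host` field is a hypothetical asset tag, and the check is deliberately a first pass: distributions backport the fix without bumping the upstream version, so a range hit means "confirm against the distro advisory or run the probe", not "exploitable".

```python
"""Triage of osquery sudo package rows for CVE-2021-3156 (added example, not Uptycs' code)."""
import re
from typing import Dict, List, Optional, Tuple

# Affected upstream releases per the Qualys advisory: legacy 1.8.2 .. 1.8.31p2 and
# stable 1.9.0 .. 1.9.5p1. Fixed upstream in 1.9.5p2.
VULNERABLE_RANGES = [
    ((1, 8, 2, 0), (1, 8, 31, 2)),
    ((1, 9, 0, 0), (1, 9, 5, 1)),
]

# Leading "major.minor[.patch][pN]" of a sudo version string. A trailing distro
# revision such as "-1ubuntu1.2" or "-1+deb10u3" is deliberately ignored here.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


def parse_sudo_version(version: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, patch, p-level) or None if the string is not a sudo version."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch, plevel = m.groups()
    return (int(major), int(minor), int(patch or 0), int(plevel or 0))


def in_upstream_vulnerable_range(version: str) -> Optional[bool]:
    """True if the upstream version number falls in an affected range, None if unparseable."""
    parsed = parse_sudo_version(version)
    if parsed is None:
        return None
    return any(low <= parsed <= high for low, high in VULNERABLE_RANGES)


def classify_probe_output(output: str) -> str:
    """Classify the output of `sudoedit -s /` run as an unprivileged user.

    Qualys' quick test: a vulnerable sudo gets as far as checking the file argument and
    prints "sudoedit: /: not a regular file"; a patched sudo rejects -s in sudoedit mode
    and prints its usage text instead.
    """
    if "not a regular file" in output:
        return "vulnerable"
    if output.lstrip().startswith("usage:"):
        return "patched"
    return "unknown"


# Constructed rows shaped like `SELECT name, version FROM deb_packages WHERE name = 'sudo'`
# (rpm_packages looks similar); `host` is a hypothetical asset tag added for this example.
SAMPLE_ROWS: List[Dict[str, str]] = [
    {"host": "web-01", "name": "sudo", "version": "1.8.31-1ubuntu1.2"},  # distro backport fix
    {"host": "web-02", "name": "sudo", "version": "1.8.31-1ubuntu1"},    # unpatched
    {"host": "db-01", "name": "sudo", "version": "1.9.5p2-3"},           # upstream fix
    {"host": "db-02", "name": "sudo", "version": "1.8.27-1+deb10u3"},    # distro backport fix
    {"host": "legacy-01", "name": "sudo", "version": "1.8.1"},           # predates the bug
    {"host": "odd-01", "name": "sudo", "version": "unknown"},            # unparseable
]


def triage(rows: List[Dict[str, str]]) -> Dict[str, str]:
    """Map host -> verdict; a range hit is a lead to verify, because backported fixes
    (the 1.8.31-1ubuntu1.2 and 1.8.27-1+deb10u3 rows above) keep the old upstream number."""
    verdicts: Dict[str, str] = {}
    for row in rows:
        if row.get("name") != "sudo":
            continue
        hit = in_upstream_vulnerable_range(row["version"])
        if hit is None:
            verdicts[row["host"]] = "unparsed"
        elif hit:
            verdicts[row["host"]] = "upstream-range-hit"
        else:
            verdicts[row["host"]] = "not-affected"
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_ROWS).items():
        print(f"{host}: {verdict}")
```

The version check is only as good as the package metadata: pair it with the probe (or the distro's fixed-version list) before declaring a host clean, and treat any `upstream-range-hit` host as unconfirmed rather than patched.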
Kubequery brings the power of osquery to Kubernetes clusters
Osquery has made a tremendous positive impact in the fields of operating system observability and security analytics. It is widely used for fleet management, incident response, real-time monitoring, and for numerous other cases. While osquery became a de facto standard for IT and security teams in many organizations, Kubernetes (K8s) was emerging as a popular platform for containerized application orchestration and deployment.
Tagged as: osquery, Kubernetes, containers, orchestration, kubequery