Uptycs' threat research team identified an XLS document that downloaded a highly vicious payload named Warzone RAT. The payload, also known as “Ave Maria stealer,” can steal credentials and log keystrokes on the victim’s machine. Checkpoint mentioned Warzone early this year when the malware was in its early stage of development.
Despite the fact that Linux server endpoints comprise 90% of cloud workloads and a majority of on-premises enterprise workloads, they don’t usually get as much attention as productivity endpoints. Most EDR solutions focus on end users and don’t meet the unique requirements for production Linux servers, such as the need for 100% uptime and low resource consumption.
Today, Uptycs is introducing enhanced detection capabilities, including a new detections UI that correlates signals (events and alerts), assigns a composite threat score, and maps the associated signals to the MITRE ATT&CK matrix. This new experience equips analysts with the context they need to quickly triage their detections queue without feeling like they’re missing anything. Watch the demo video below to see the new functionality in action.
Osquery is a powerful tool that allows you to investigate and monitor a myriad of endpoint activity, status, and configuration information through a unified SQL interface. Inside osquery, there's typically a 1:1 correspondence between a source of information and the SQL table you can use to browse or search this information. Some sources of information include parts of the /proc file system, API calls to container daemons, reading logs or status files on disk, and event streams coming from the Linux audit frame.
As user-driven security expands, the need for securing user-managed systems grows. Disk encryption is an essential and straightforward way to shore up user security.
In a previous tutorial, we discussed gathering software inventory, including Chrome extensions.
Knowing what you have is half the battle. But once you know what you have, how do you decide what you should keep?