Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

macOS Bundlore: Is New Code Being Tested in Old Adware?

macOS Bundlore is one of the most popular macOS adware installers. It either comes bundled with pirated applications, or from the web, prompting users to install or update Flash. Though the majority of browsers now have limited support for Flash, it is still a favorite mechanism for infecting systems.

Detecting Docker Container Malware using osquery

In recent times we have seen an increasing amount of Docker container malware. Attackers scan the internet to identify misconfigured Docker Engine API installations, then use them to pull malicious images or run commands that install malware. Access to the Docker Engine API gives an attacker fine-grained control over the Docker installation, enabling them to create, delete, dump, and run commands in containers, although the majority of the malware seen to date either uses system resources for crypto mining or carries out denial-of-service attacks. In general, a container is an encapsulated environment for running an application, so it can be used for any activity from proxies to botnet services and can easily become part of attacker infrastructure for distributing malware.

8 Docker Security Best Practices To Optimize Your Container System

Docker is a software platform that makes it easier to create, deploy, and run applications. It was built so environments would be easy to replicate, giving teams a quick and easy way of deploying programs and updates.

How To Use Anomaly Detection for Application Allowlisting

The ability to identify anomalies within a computing environment is critical. Anomalies—events outside the norm—sometimes indicate security incidents, and usually prompt investigation. Whether they ultimately represent a security threat or not, anomalies are a leading indicator of something gone awry, which is why anomaly detection is a powerful tactic.

Endpoint Visibility: 5 Best Practices To Optimize Your Security

Endpoint visibility is crucial because most attacks begin on endpoints used by people—not the firewall or your servers. Typically, attackers gain control over these entry points to the network through techniques like phishing; from there, they can move laterally to access your servers. This type of activity currently accounts for over 80% of reported incidents, according to CSO.

Should We Blocklist Newly Registered Domains?

Uptycs' threat intelligence team collects over a million indicators every week to provide the latest threat data. All of this data is downloaded from more than 40 publicly available sources which we then put into eight categories including: