Uptycs Blog

Welcome! The Uptycs blog is for security professionals and osquery enthusiasts interested in exploring new ideas in cloud security. We hope you’ll enjoy our blog enough to subscribe and share.

When Gatekeeper looks the other way: Alerting on the new macOS vulnerability [April 2021]

Earlier this week Apple issued an update to macOS Big Sur, bringing it up to version 11.3. The update included a security fix for a vulnerability in the macOS Gatekeeper security system, assigned the identifier CVE-2021-30657. The vulnerability was disclosed to Apple by macOS security researcher Cedric Owens (Twitter: @cedowens, GitHub: cedowens).

Where secrets lie: Reduce credential leakage risk by inventorying AWS access keys

Long-term cloud credentials are often (intentionally or accidentally) scattered across source code, laptops and desktops, servers, cloud resources, and so on. It is easy for credentials to be copied from machine to machine, creating sprawl that is at best difficult to manage and at worst needlessly increases leakage risk. Furthermore, these credentials are only necessary when non-cloud infrastructure needs to talk to cloud resources; for example, data center servers that read from or write to an AWS S3 bucket. Generally speaking, there is no good reason to have long-term credentials anywhere else. Employees should instead use temporary credentials obtained by authenticating through the SSO service.
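One way to start the inventory the teaser describes is to find AWS access key IDs on a host and separate long-term keys from temporary ones. The script below is an added example for this page, not code from the Uptycs post or from osquery. It relies on the documented key-ID prefixes: long-term IAM user keys start with "AKIA", temporary STS keys start with "ASIA" and are accompanied by a session token. The credentials file and source line it scans are constructed samples using the AWS documentation example key.

```python
"""Inventory AWS access keys on a host and flag the long-term ones.

Added example (not code from the Uptycs post). Assumes the documented
AWS key-ID prefixes: AKIA = long-term IAM user key, ASIA = temporary
STS key (which should always come with a session token).
"""
from __future__ import annotations

import configparser
import re
from dataclasses import dataclass

# AWS access key IDs are 20 characters: a 4-letter prefix plus 16
# uppercase alphanumerics. Only the two prefixes we care about are matched.
KEY_ID_RE = re.compile(r"\b((?:AKIA|ASIA)[A-Z0-9]{16})\b")


@dataclass
class Finding:
    profile: str
    key_id: str
    kind: str               # "long-term" or "temporary"
    has_session_token: bool


def classify(key_id: str) -> str:
    """Classify a key ID by its prefix; anything not ASIA is treated as long-term."""
    return "temporary" if key_id.startswith("ASIA") else "long-term"


def inventory_credentials_file(text: str) -> list[Finding]:
    """Parse an ~/.aws/credentials-style INI file and classify each profile."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    findings: list[Finding] = []
    for profile in parser.sections():
        section = parser[profile]
        key_id = section.get("aws_access_key_id")
        if not key_id:
            continue  # SSO or role-based profile with no static key: nothing to inventory
        findings.append(Finding(
            profile=profile,
            key_id=key_id,
            kind=classify(key_id),
            has_session_token="aws_session_token" in section,
        ))
    return findings


def find_key_ids(text: str) -> list[str]:
    """Scan arbitrary text (source files, shell history, logs) for AWS key IDs."""
    return KEY_ID_RE.findall(text)


def long_term_findings(findings: list[Finding]) -> list[Finding]:
    """The subset that should not exist on an employee machine."""
    return [f for f in findings if f.kind == "long-term"]


# Constructed sample: a long-term key sprawled into the default profile,
# and a temporary STS key from an SSO login. Key IDs are the AWS doc example.
SAMPLE_CREDENTIALS = """\
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[sso-dev]
aws_access_key_id = ASIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
aws_session_token = IQoJb3JpZ2luX2VjEXAMPLETOKEN
"""

# Constructed sample of a key ID hard-coded in source.
SAMPLE_SOURCE = 'client = boto3.client("s3", aws_access_key_id="AKIAIOSFODNN7EXAMPLE")\n'


if __name__ == "__main__":
    findings = inventory_credentials_file(SAMPLE_CREDENTIALS)
    for f in findings:
        print(f)
    print("long-term profiles:", [f.profile for f in long_term_findings(findings)])
    print("key IDs in source:", find_key_ids(SAMPLE_SOURCE))
```

Run against real hosts, point `inventory_credentials_file` at each user's `~/.aws/credentials` and `find_key_ids` at source trees and shell history; every "long-term" finding on an employee machine is a candidate for replacement with SSO-issued temporary credentials.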

Use Uptycs and osquery to secure your AWS Fargate containers on ECS

AWS Elastic Container Service (ECS) and Elastic Kubernetes Service (EKS) require provisioning of compute resources to run container workloads.

Detecting Docker escapes using osquery and Uptycs

Docker escape techniques allow an attacker to break out to the host system from a container. This is generally achieved by exploiting various misconfigurations in Docker. Broadly, the escape techniques fall into two categories:

Silver Sparrow macOS malware detection with Uptycs

Late last week the cybersecurity company Red Canary published an article revealing a new strain of macOS malware they had discovered. Looking at data provided by Malwarebytes, they determined that this new malware, which they dubbed “Silver Sparrow,” had already infected nearly 30,000 macOS endpoints around the world.

Get started using osquery for container security

The following is adapted from Ryan Mack’s talk “Containers and osquery,” presented at osquery@scale ’21. Ryan’s full presentation is available at the end of this piece.

We need as much visibility as possible into everything going on in our containers to effectively detect security problems in container-based environments. We also need to apply the unique properties of containers to create high-fidelity detection rules.

Osquery can meet both of these needs.
