Silver Sparrow macOS malware detection with Uptycs
Late last week cybersecurity company Red Canary published an article revealing a new strain of macOS malware they discovered. Looking at data provided by Malwarebytes they determined that this new malware, which they dubbed “Silver Sparrow,” had already infected nearly 30,000 macOS endpoints around the world.
Get started using osquery for container security
The following is adapted from Ryan Mack’s talk “Containers and osquery,” presented at osquery@scale ‘21. Ryan’s full presentation is available at the end of this piece.
We need as much visibility as possible into everything going on in our containers to effectively detect security problems in container-based environments. We also need to apply the unique properties of containers to create high-fidelity detection rules.
Osquery can meet both of these needs.
Tagged as: osquery, containers
Use cloudquery and osquery to simplify your cloud monitoring
With the shift toward cloud computing, many organizations have at least some footprint in the cloud. Thus it becomes important to secure both your on-prem and cloud infrastructure.
Cloudquery, which runs as an extension of osquery, simplifies the visualization and monitoring of all your cloud resources. It creates a seamless integration of cloud telemetry with the rest of your osquery-powered telemetry.
Tagged as: osquery, cloud monitoring, cloud security, cloudquery
Kubequery brings the power of osquery to Kubernetes clusters
Osquery has made a tremendous positive impact in the fields of operating system observability and security analytics. It is widely used for fleet management, incident response, real-time monitoring, and for numerous other cases. While osquery became a de facto standard for IT and security teams in many organizations, Kubernetes (K8s) was emerging as a popular platform for containerized application orchestration and deployment.
Tagged as: osquery, Kubernetes, containers, orchestration, kubequery
Osquery has grown in popularity because of its broad applicability in enterprise environments. What’s next for the open source project?
You should be using AWS IMDSv2: Here’s why and how to do it
Organizations should transition EC2 instances to use Instance Metadata Service Version 2 (IMDSv2) because IMDSv1 is susceptible to server-side request forgery (SSRF) attacks. Uptycs customers should be cautious about enabling the curl
table in osquery. Uptycs has updated our version of osquery to work with IMDSv2, and we’ve implemented a rule to help customers identify EC2 instances using the vulnerable metadata service.
Subscribe for new posts
Popular Posts
- Building Your Cyber Security Strategy: A Step-By-Step Guide
- 8 Docker Security Best Practices To Optimize Your Container System
- SOC 2 Compliance Requirements: Essential Knowledge For Security Audits
- Intro to Osquery: Frequently Asked Questions for Beginners
- Warzone RAT comes with UAC bypass technique