CTI Roundup: Monti ransomware targets VMware ESXi servers with new Linux locker
Raccoon Stealer malware reappears, AI adoption remains low among threat actors, and Monti ransomware targets VMware ESXi servers with new Linux locker.
Security | Threat Detection | Cyberattacks | DevSecOps | Compliance
The Latest Cybersecurity News & Insights From Around The World
Linux
Container Security Fundamentals - Linux Namespaces (Part 2): The PID Namespace
In this video we continue our examination of Linux namespaces by looking at some details of how the PID namespace can be used to isolate a container’s view of processes running on the host, and how this feature can be used for troubleshooting container problems. To learn more read our blog on Datadog’s Security Labs site.
Setting Up Teleport (tsh) and Teleport Connect on Linux
In this video, we'll install Teleport's tsh user client on Linux. We'll also take a look at Teleport Connect which is a graphical user interface, desktop app.
Container Security Fundamentals - Linux namespaces part 1: The mount namespace
One of the technologies used by Linux containers to provide an isolated environment, is namespaces. They are used to provide a contained process with an isolated view of different Linux resources. In this video we look at some of the details of how Linux namespaces work and then take a more detailed look at the mount namespace which isolates a processes' view of its filesystem.
The Linux Crypto API for user applications
In this post we will explore Linux Crypto API for user applications and try to understand its pros and cons. The Linux Kernel Crypto API was introduced in October 2002. It was initially designed to satisfy internal needs, mostly for IPsec. However, in addition to the kernel itself, user space applications can benefit from it.
CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd
A little bit of background for those not familiar with chfn… “chfn (change finger) is used to change your finger information. This information is stored in the /etc/passwd file and is displayed by the finger program.
4 ways to leverage existing kernel security features to set up process monitoring
The large attack surface of Kubernetes’ default pod provisioning is susceptible to critical security vulnerabilities, some of which include malicious exploits and container breakouts. I believe one of the most effective workload runtime security measures to prevent such exploits is layer-by-layer process monitoring within the container. It may sound like a daunting task that requires additional resources, but in reality, it is actually quite the opposite.
5 Tips for Linux Server Hardening
When installing a new Linux server, you should be aware that its level of security is very low by default, to allow as much functionality as possible. Therefore, performing basic hardening actions before the server is installed in production is crucial. CalCom Software is hardening RedHat / Linux.
Find threats: Cloud credential theft on Linux endpoints
The Sumo Logic Threat Labs team previously outlined the risks associated with unprotected cloud credentials found on Windows endpoints. This article builds on that work by providing detection and hunting guidance in the context of endpoints that run the Linux operating system. Although workloads that support business functionality are increasingly moving to the cloud, these workloads are often managed through an endpoint that is often found on premises.