Blog

Art Into Science: Conference Overview & Securing K8s

Photo via Art into Science 2019 Last week we had the pleasure of attending and presenting at Art into Science: A Conference for Defense (ACoD) 2019. It was a blast listening to a variety of amazing talks, and speaking on Kubernetes security. In this post, we share background on the conference, discuss some of our […]

Read More…

Your etcd is Showing: Thousands of Clusters Open to the Internet

Photo by Matt Artz on Unsplash Usage of the distributed key-value store etcd is at an all time high. The fastest growing open source project Kubernetes uses etcd to store data critical to the operation of its clusters. Like many open source, easy to use data stores, the simplicity of setup is a double edged sword. […]

Read More…

ELF of the Month_ Latest Lucky Ransomware Sample

ELF of the Month: New Lucky Ransomware Sample

Photo by Kiki Wang on Unsplash News broke in late November 2018 about a ransomware variant dubbed Lucky Ransomware that targets both Linux and Windows platforms. A recent sample of the ransomware module was uploaded to VirusTotal in mid-December 2018 with some different characteristics than previously reported samples. In this month’s edition of ELF of the […]

Read More…

Kubernetes CVE-2018-1002105

On December 3rd a critical Kubernetes vulnerability was announced under CVE-2018-1002105. This vulnerability scored a 9.8 out 10 on the Common Vulnerability Scoring System (CVSS). The vulnerability stems from an issue with Kubernetes API Server (kube-apiserver) handling proxy requests when upgrading to WebSockets. The vulnerability ultimately can allow authenticated and unauthenticated users to make API […]

Read More…

ELF of the Month_ Linux DDoS Malware Sample

ELF of the Month: Linux DDoS Malware Sample

Each month we take a look at a malicious Executable and Linkable Format (ELF) file, the common executable file format for Unix and Unix-like Operating Systems, and share details about the sample. In this edition of ELF of the Month we take a look at a Linux DDoS sample recently uploaded to VirusTotal. This particular […]

Read More…

Securing Innovation in the Public Cloud

Securing Innovation in the Public Cloud

Photo by Clayton Holmes on Unsplash I recently attended the Colorado CSA Fall Summit and wanted to share some insights and themes from the conference. The CSA summit included presentations on all things cloud security. On the technical side there were talks on DevSecOps, cloud pen testing, AWS encryption, cryptocurrency, and container security. One of […]

Read More…

Anatomy of a Redis Exploit

Anatomy of a Redis Exploit

Photo by Sonja Langford on Unsplash At Lacework Labs we have been setting up honeypots as part of our ongoing research into securing public cloud infrastructure. Recently we noticed one of our Redis honeypots was compromised. We were running a stock version of Redis which allowed inbound connections. During our monitoring, a cryptocurrency mining botnet […]

Read More…