Labs Archives Lacework

Blog

Log4j Today – Prepare for What’s Next

Greg Foss, Lacework Labs. The holiday season is never complete without a significant security event unfolding as the year comes to an end.

Blog

Log4j Attacks – A Week in Review

Key Takeaways: Log4J vulnerabilities (CVE-2021-44228, CVE-2021-45046) are being exploited by opportunistic attackers. Evasion techniques are being employed to subvert detection. Overview: A week…

Blog

Lacework Labs Identifies Log4J Attacks

Key Takeaways: CVE-2021-44228 is being adopted by opportunistic attackers. Mirai and Kinsing are being distributed via this attack vector. Overview: Lacework Labs is constantly…

Blog

HCRootkit / Sutersu Linux Rootkit Analysis

Jared Stroud, Tom Hegel, Cloud Security Researchers – Lacework Labs. Key Points: Lacework Labs identified new samples and…

Blog

Hiding in Plaintext Sight: Abusing The Lack of Kubernetes Auditing Policies

Jared Stroud, Cloud Security Researcher – Lacework Labs. Key Points: Kubernetes Audit Policies are critical for cluster-level visibility.

Blog

Threat Hunting SSH Keys – Bash Script Feature Pivoting

Tom Hegel, Cloud Security Researcher – Lacework Labs. Malicious actors often add SSH keys to victim hosts for persistence (…

Blog

Hacking Like its 1999 – Automating Analysis Like its 2021

Jared Stroud, Cloud Security Researcher – Lacework Labs. The Takeaways: Lacework Labs is releasing a Ghidra script to…

Blog

Keksec & Tsunami-Ryuk

Chris Hall, Cloud Security Researcher – Lacework Labs. Key Takeaways: Keksec is now leveraging a new Tsunami DDoS malware dubbed “Ryuk”…

Blog

Taking TeamTNT’s Docker Images Offline

Jared Stroud, Cloud Security Researcher – Lacework Labs. The Takeaways: TeamTNT targets exposed Docker API to deploy malicious images.

Blog

Sysrv-Hello Expands Infrastructure

Chris Hall and Jared Stroud, Cloud Security Researchers, Lacework Labs. Sysrv-hello is a multi-architecture Cryptojacking (T1496) botnet that first…
