Network Security

Climbing The Ladder | Kubernetes Privilege Escalation (Part 2)

In this blog post, we take the concepts from Climbing The Ladder | Kubernetes Privilege Escalation (Part 1), which examined privilege escalation in Kubernetes environments and the danger of system pods, and now take a deep dive by analyzing an explicit use case. Part 2 of this series explores how a chain of misconfigurations in […]

The Good, the Bad and the Ugly in Cybersecurity – Week 43

The Good | CISA Safety Proposal Set to Protect U.S. Data & Recovery Tool for Mallox Ransomware Published

Following President Biden’s Executive Order 14117, signed earlier in the year, CISA has proposed new security measures to prevent adversary nations from accessing sensitive personal and government-related data across the U.S. The proposal is aimed at organizations

Climbing The Ladder | Kubernetes Privilege Escalation (Part 1)

Kubernetes (K8s) has become an integral part of cloud-native environments, offering powerful container orchestration capabilities that enable organizations to deploy, manage, and scale applications efficiently. However, as Kubernetes adoption grows, so does its attractiveness as a target for attackers. This is the first Attack post within our new Cloud & Container – Attack & Defend

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

Last week, researchers at Trend Micro published a report on a macOS malware sample that had credible file locking and data exfiltration capabilities and masqueraded as LockBit ransomware on successful encryption of a user’s files. Until now, ransomware threats for Mac computers had been at best ‘proof of concept’ and at worst entirely incapable of

Powering New Customer Experience Possibilities

Imagine a customer walking into your retail location and effortlessly connecting to fast, secure Wi-Fi on their phone. Instantly, their app engages them with tailored location-specific information like available coupons and new products, based on personal preferences and buying behavior. When they’re ready to check out, they skip the register and leave without the wait

The Good, the Bad and the Ugly in Cybersecurity – Week 42

The Good | DoJ Unseals Indictment Against Notorious ‘Anonymous Sudan’ DDoS Operators

An unsealed indictment charged two brothers with operating the hacktivist group ‘Anonymous Sudan’, responsible for over 35,000 Distributed Denial of Service (DDoS) attacks globally. DDoS attacks work by flooding a target’s systems, usually via botnet, to send high levels of traffic and cause

Quantifying Vulnerability Risk | Identify & Remediate CVEs with Exploit-Driven Prioritization

Organizations are grappling with an unprecedented influx of vulnerabilities in today’s rapidly evolving cybersecurity landscape. In 2024 so far, over 29,000 new Common Vulnerabilities and Exposures (CVEs) were reported to the National Vulnerability Database (NVD) – a staggering number even NIST struggles to keep up with. This overwhelming volume makes it virtually impossible for security

The Good, the Bad and the Ugly in Cybersecurity – Week 41

The Good | Raccoon Infostealer Admin Pleads Guilty & Police Seize Two Extensive Dark Marketplaces

This week marks two wins for global law enforcement groups, leading to the takedown of Raccoon Infostealer’s operator, Mark Sokolovsky, and two alleged administrators of the Bohemia dark market and its sister market, Cannabia. According to the DoJ, Sokolovsky, a

A Seamless Onboarding Experience | Plan, Pilot, Deploy & Celebrate!

At SentinelOne, our mission is clear: To empower the world to run securely through intelligent, data-driven, and enterprise-wide cybersecurity. Driving this mission is our dedication to providing world class service to make our customers more successful and secure. When adopting new technologies purpose built for what’s next, we could all use some support. With the

Adaptive Threat Hunting | Adopting a Multi-Directional Approach

Automating the on-demand collection of memory dumps, process information, system files, and event logs for inclusion in threat hunting activities allows for a more comprehensive and proactive approach to adaptive threat hunting. In the WatchTower Threat Hunting blog series, we call out some adaptive threat hunting methodologies including Chained Detections, Multi-Directional Approach, and AI-Powered Hunts.
