Been away from here recently but I can finally share my first blog for @datadoghq, an updated campaign from the group behind Spinning YARN.

RT @0xAmit: Fascinating paper about #eBPF based attacks on the cloud:.Cross Container Attacks:.The Bewildered eBPF on Clouds..

Latest research from the lab. This is an interesting one! 4 new discovery/initial access tools were found. Each tool contained code to exploit common misconfigurations (and n-day vulnerability) in either YARN, Docker, Confluence or Redis.

Our latest blog covering #Migo - a Golang miner targeting Redis. This one attempts to weaken the Redis server by issuing various config commands, before deploying a user mode rootkit to hide the miner.

🐈 Here’s a new blog from us covering a novel attack named “Commando Cat” 🐈 . The fun never stops with these Docker-focused campaigns!.

Thanks to everyone that attended/tuned-in to my talk for @SANSInstitute today! There have been some requests for me to upload the slides, so here they are.

RT @chrisdoman: If you're at the SANS CTI summit today - check out @_mattmuir 's talk "Beyond Cryptojacking: Studying Contemporary Malware….

Great research by our talented colleague Nate!.

Legion-specific activity includes the creation of a malicious IAM user with the name ms.boharas in AWS environments.

CISA have today released an advisory on Androxgh0st, this cloud-focused malware is closely related to Legion and Fbot.

Continuing to follow this Rust botnet! A new #p2pinfect sample targeting MIPS.

Latest blog from us :D OracleIV - a dockerised DDoS botnet.