Frequent verification codes may appear for non-Mainland China IP visits. If visitors are severely affected, please send [IP|ASN](|AS14618) to the bottom mailbox to add to the whitelist


2022-06-29 00:00   ClearPath report shows automation and good policy can help beleaguered security professionals    #lacework #威胁情报 It’s a tough time to work in cybersecurity right now. On the one hand, companies desperately need security professionals to help defend against a growing myriad of attacks against the cloud. But security pros say companies aren’t taking the threat seriously enough. How do we explain such a discrepan

2022-06-22 00:00   Kubernetes tools are helpful for your team and sadly, your attacker    #lacework #威胁情报 Overview Defenders must constantly stay aware of the latest attacker trends to ensure their organizations’ assets are protected. In recent years, leveraging commonly found binaries on Windows/Linux systems has become more popular with offensive security professionals. The methodology of “living off

2022-06-15 00:00   Ransomware hits the cloud    #lacework #威胁情报 Ransomware attacks are on the rise. In the last two years, we’ve seen a 600% increase in attacks which is not terribly surprising given ransomware, a form of malware that seeks to encrypt or withhold data unless a ransom is paid, is profitable for attackers. This  is just one reason why it’s more im

2022-06-07 23:19   Kinsing & Dark.IoT botnet among threats targeting CVE-2022-26134    #lacework #威胁情报 Details regarding the recent Confluence OGNL (CVE-2022-26134) exploit were released to the public on June 3rd 2022. Shortly following this, Lacework Labs began seeing multiple attacks in the wild from both uncategorized and named threats. While this was expected, there appears to be more widespread

2022-06-04 01:00   Four tips for attending RSA Conference 2022    #lacework #威胁情报 RSA is back in person running from June 6th to 9th at the Moscone Center in San Francisco. This year’s theme is transform–something that we can all get behind from both a security and erosional perspective after the past few years. It’s been a while since most of us have attended a big conference in

2022-06-04 00:20   Security Advisory: CVE-2022-26134 RCE in multiple Atlassian products    #lacework #威胁情报 Summary On Jun 2nd  Lacework Labs was made aware of CVE-2022-26134, a critical unauthenticated remote code execution vulnerability within Atlassian’s Confluence Server and Data Center products. This vulnerability was originally discovered and reported to Atlassian by Volexity, during an incide

2022-06-02 21:00   More flexibility and visibility with agentless coverage for workloads    #lacework #威胁情报 Speed and agility are two primary benefits of cloud computing, but neither are possible without aligning security to those goals — something that’s easier said than done!  The first step in securing anything is knowing what you have and where it lives. This is why securing dynamic cloud environments

2022-06-02 21:00   Lacework expands workload security capabilities to protect Windows Server    #lacework #威胁情报 For years, Lacework has helped security teams understand what’s happening in their workloads via an agent that runs on Linux operating systems. The lightweight agent provides continuous monitoring and security for running cloud workloads, including applications, containers and hosts.  Today, w

2022-05-27 00:00   New integration with Kubernetes admissions controller    #lacework #威胁情报 Kubernetes and the containers it manages represent a broad surface area that needs to be protected with layered defenses. Lacework is excited to announce that our integration with Kubernetes admission controller is now generally available to all customers to increase visibility and protection in you

2022-05-26 08:29   Lacework Update    #lacework #威胁情报 This afternoon, we informed the Lacework team of some difficult news related to a restructuring of our business. Openness is one of our core values at Lacework, so in the spirit of transparency with employees, customers, and partners, we are sharing our internal communication here: — Fellow Lacers:

2022-05-25 00:00   Embed IaC security at the earliest stage in development    #lacework #威胁情报 What is Infrastructure as Code? Infrastructure as Code (IaC), or the automated provisioning of cloud infrastructure, is often described as a set of “blueprints” that define your cloud infrastructure. IaC enables teams to design, build and maintain their cloud infrastructure with the same level of pr

2022-05-21 03:00   Security Advisory: Critical vulnerabilities in VMware    #lacework #威胁情报 CVE(s) (if available): CVE-2022-22954, CVE-2022-22955,CVE-2022-22956, CVE-2022-22957, CVE-2022-22958, CVE-2022-22959, CVE-2022-22960, CVE-2022-22961, CVE-2022-22972, CVE-2022-22973 Summary In early April VMware released patches for remote code execution and authentication bypass vulnerabilities agai

2022-05-18 14:58   Lacework introduces new Kubernetes Audit Logs monitoring    #lacework #威胁情报 Lacework has always offered strong protection for your Kubernetes environment in the cloud and it just got better with a new feature, Kubernetes Audit Logs Monitoring. This new feature integrates with the Kubernetes API and greatly increases your insight into Kubernetes user activity and actions tha

2022-05-17 21:00   Lacework joins the CNBC Disruptor 50 List    #lacework #威胁情报 Since our founding seven years ago, Lacework has been helping customers of all sizes understand and protect against the advanced threats they face when building on or migrating to the cloud. And with nearly every global industry looking to adopt or expand their use of cloud computing, it’s critical

2022-05-17 01:00   Balancing small team demands with the need for cloud visibility    #lacework #威胁情报 The AWS Cloud is full of promise. As a business, when you’re building in the cloud you want to be able to focus on solving your business problems. Traditionally, IT solved its own problems and created its own set of issues. IT has a weight to it. Every system and solution in your environment require