Test code block
Feb. 2, 2024, midnight | MalBot
Malware Analysis, News and Indicators - Latest topics malware.news
The following Falco rule will detect the affected container runtimes trying to change the directory to a proc file descriptor, which isn’t normal activity. This rule should be considered experimental and can be used in OSS Falco and Sysdig Secure as a custom rule.
- rule: Suspicious Chdir Event Detected
  desc: Detects a process changing a directory using a proc-based file descriptor.
  condition: >
    evt.type=chdir and evt.dir=< and evt.rawres=0 and evt.arg.path startswith "/proc/self/fd/"
  output: >
    Suspicious Chdir event detected, executed …
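To see which events the condition above selects and which clause rejects the rest, the following added example (not part of the original post or of Falco itself) re-implements the four clauses in Python over constructed events. The event dictionaries, the `id` and `proc` keys, and the function names are assumptions made for illustration; only the field names and values in the clauses come from the rule.

```python
# Added example: the rule's condition evaluated clause by clause.
PROC_FD_PREFIX = "/proc/self/fd/"

# Each clause of the rule's condition, paired with a check on one event.
CLAUSES = [
    ("evt.type=chdir", lambda e: e.get("evt.type") == "chdir"),
    ("evt.dir=<", lambda e: e.get("evt.dir") == "<"),  # exit side of the syscall
    ("evt.rawres=0", lambda e: e.get("evt.rawres") == 0),  # the call succeeded
    ('evt.arg.path startswith "/proc/self/fd/"',
     lambda e: (e.get("evt.arg.path") or "").startswith(PROC_FD_PREFIX)),
]

# Constructed sample events (hypothetical process name and paths).
SAMPLE_EVENTS = [
    {"id": 1, "proc": "container-runtime", "evt.type": "chdir",
     "evt.dir": ">", "evt.rawres": None, "evt.arg.path": None},
    {"id": 2, "proc": "container-runtime", "evt.type": "chdir",
     "evt.dir": "<", "evt.rawres": 0, "evt.arg.path": "/proc/self/fd/7"},
    {"id": 3, "proc": "container-runtime", "evt.type": "chdir",
     "evt.dir": "<", "evt.rawres": -2, "evt.arg.path": "/proc/self/fd/9"},
    {"id": 4, "proc": "container-runtime", "evt.type": "chdir",
     "evt.dir": "<", "evt.rawres": 0, "evt.arg.path": "/var/lib/app"},
]


def failed_clauses(evt):
    """Return the names of the rule clauses this event does not satisfy."""
    return [name for name, check in CLAUSES if not check(evt)]


def matches_rule(evt):
    """An event triggers the rule only when every clause holds."""
    return not failed_clauses(evt)


def triage(events):
    """Return the events that would raise the alert."""
    return [e for e in events if matches_rule(e)]


if __name__ == "__main__":
    for evt in SAMPLE_EVENTS:
        missed = failed_clauses(evt)
        verdict = "ALERT" if not missed else "skip (" + "; ".join(missed) + ")"
        print(evt["id"], evt["evt.arg.path"], verdict)
```

Only the successful exit event whose path begins with `/proc/self/fd/` alerts; the enter event, the failed call and the ordinary directory change are each rejected by a named clause, which helps when tuning an experimental rule.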