Cloud DFIR

January 20, 2022

Fallout from Log4Shell-related Vietnamese Cryptocurrency Exchange Attack: KYC Data for Sale on Dark Web

Introduction: Since its discovery at the end of 2021, Log4Shell – a zero-day vulnerability affecting Apache’s Log4j...
January 6, 2022

Our Take: Four Cloud Security Predictions for 2022

2021 was far from ordinary. Cybersecurity remained front and center after numerous high-profile breaches and vulnerabilities...
December 21, 2021

The Continued Evolution of Abcbot

A new version of a malicious shell script targeting insecure cloud instances running under Cloud Service Providers such as...
December 14, 2021

Analysis of Novel Khonsari Ransomware Deployed by the Log4Shell Vulnerability

By Matt Muir. Overview: As previously reported, a recently-discovered critical vulnerability (CVE-2021-44228) in Apache’s...
December 13, 2021

Analysis of Initial In The Wild Attacks Exploiting Log4Shell/Log4J/CVE-2021-44228

Introduction: Log4J is an open-source logging platform running on Java and built into many web platforms. Public reports...
December 6, 2021

How to add Forensics to your SIEM and Start Automating Investigations

By Adam Hillel and Katerina Tiddy. SIEM platforms are a key part of an organization’s security operations. A SIEM centralizes...
November 16, 2021

New ESG Research Reveals 89% of Companies Negatively Impacted by Cloud Cyber-Attacks Prior to Full Investigation

We’re excited to unveil new cloud digital forensics research in collaboration with ESG. As cloud attacks continue to...
November 9, 2021

Cloud Malware Proliferation?

Recently VX Underground released a toolset they report is from the Conti and BlackMatter ransomware gangs. As TeamTNT themselves...
November 8, 2021

Cado Security Partners with SentinelOne to Deliver Cloud-Native Digital Forensics

We’re thrilled to announce our partnership with SentinelOne to help organizations investigate and respond to incidents...
September 16, 2021

The Ultimate Guide to Docker & Kubernetes Forensics

Introduction: As organizations continue to migrate their computing resources to cloud and container environments, attackers...