Original research by Siddharth Sharma and Nischay Hegde The Uptycs Threat research team recently observed an advancement in the Black basta ransomware, where we saw that the ransomware binaries are now targeting ESXi servers. The Black Basta was first seen this year during the month of April, in which its…

Written for Uptycs by Lee Atchison Cloud-based applications and services are becoming explosively popular, and increasingly, applications in the cloud are expected to work together and cooperate to achieve more significant results. Data from one application must be shared with another application for the two applications to succeed. …

Written for Uptycs by Suzy McClure Your long-awaited return to the world of in person networking has finally arrived. It’s time to put on some pants and get a fresh haircut. Brush off your social skills and remember that in person- you don’t have that mute button! Here are a…

Written for Uptycs by Lee Atchison When building modern applications, an astute observer will quickly see an issue in the development process. How do you give developers and operations engineers access to the application to build, fix, and operate the application, without exposing customer data or violating business processes and…

Written by Lee Atchison for Uptycs Maintaining operational security is critical for all modern applications. But with the complex, interconnected nature of modern applications, maintaining operational security is harder than ever. In service-based applications, such as those built using microservice architectures, many components can become compromised. …

Written by: Tyson Supasatit and Jeremy Colvin The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently released Shields Up guidance outlining best practices in response to heightened cyber risk. The Shields Up guidance helps teams to begin assessing and prioritizing improvements in their cybersecurity posture. In this post, we break…

Written by: Amber Picotte Intrusion detection is the practice of monitoring your network, servers, workstations, and other IT assets for any suspicious activity, malicious actions, or violations of some policy. This practice is an integral component of your company’s infrastructure security. Many people in security management make a mistake with…

Written by: Seshu Pasam Organizations should transition EC2 instances to use Instance Metadata Service Version 2 (IMDSv2) because IMDSv1 is susceptible to server-side request forgery (SSRF) attacks. Uptycs customers should be cautious about enabling the curl table in osquery. …

Written by: Amber Picotte For many security-conscious businesses looking for a SaaS provider, SOC 2 compliance is a minimal requirement. Unfortunately, many providers aren’t sure how to implement SOC 2 compliance requirements, as they are inherently vague. In this article, we’ll find out what SOC 2 is, and explain the…