Blog
Sandfly 4.0 - SSH Credential Auditing and eBPF Rootkit Detection
Sandfly 4.0 has been released and includes our powerful new SSH key and credential auditing feature: SSH Hunter. This new feature allows you to track SSH key usage across your Linux fleet…
Sandfly Linux File Entropy Scanner Updated
Our entropy scanner sandfly-filescan has been updated and renamed to sandfly-entropyscan and now features Linux process scanning to help quickly spot packed and encrypted malware. You can get it…
BPFDoor Coverage in Bleeping Computer
Bleeping Computer wrote an extensive article covering the evasive BPFDoor malware found on many Linux systems globally: BPFDoor: Stealthy Linux malware bypasses firewalls for remote access The…
BPFDoor - An Evasive Linux Backdoor Technical Analysis
Recently Kevin Beaumont revealed a new evasive backdoor targeting Linux associated with the Chinese Red Menshen threat actors. In his article he reveals that this backdoor has been operating globally…
Security Monitoring for Threats on Embedded Linux
A new report from Mandiant entitled: Eye Spy on Your Email details a series of sophisticated attacks against embedded network devices often running Linux. In particular, the report states (emphasis…
Sandfly 3.3 - Reporting, SSO, Veracode Certified, Suspicious IP Detection and More
Sandfly 3.3.0 has been released with major updates across the board. Some of the new features include: Single Sign-On (SSO) support Veracode Verified Reporting Configurable data retention period…