Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Containers

Container security essentials

As cloud-native applications continue to proliferate, containers are becoming the preferred option to package and deploy these applications because of the agility and scalability they offer. In fact, Gartner predicts that 75% of global organizations are running containerized applications in production. The popularity of containers has also attracted hackers looking for new ways to exploit applications.

Top Kubernetes Security Tools in 2024

Kubernetes security is a critical part of the app lifecycle, through the build, deployment and runtime stages. Kubernetes runtime environments are dynamic and continuously changing. As clusters are replaced and permissions reassigned, security becomes an innate part of DevOps. It is important to ensure that malware and other malicious attacks do not access the cloud, as they might lead to system failures, servers going down, and more.

How to secure your cloud credentials against AndroxGh0st

On January 16, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) sent out a Cybersecurity Advisory (CSA) about active threat actors deploying the AndroxGh0st malware. This is significant as cyber criminals are actively using this malware to target Laravel (CVE-2018-15133) (an open source PHP framework).env files and obtain credentials for various high profile applications like Office365, SendGrid, and Twilio.

What Is Container Security? Container Security Best Practices, Challenges and Tools

Nowadays, most of the applications are deployed on containers and orchestrated using Kubernetes or similar technology. Due to this, the performance, stability, and scalability are highly increased. But, it also widens up the attack surface if proper security controls, techniques, tools, and practices are not followed/used. So, if your application is running on containers or if you are thinking about deploying containers, then learning about container security best practices is a must.

Security Risks of Kubernetes Helm Charts and What to do About Them

Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm offers, it also introduces significant security risks.

Leaky Vessels deep dive: Escaping from Docker one syscall at a time

The Snyk Security Labs team recently embarked on a research project into the Docker engine. During this project, I had the opportunity to perform what is arguably my favorite kind of research using my favorite selection of tools. The research panned out quite successfully, and we identified four high severity vulnerabilities that allow a malicious attacker to break out of a container environment with a controlled Dockerfile under docker build and, in one case, docker run.

Kubernetes Security Best Practices for Security Professionals

As containerized applications become the norm, the complexities of securing these dynamic, scalable environments demand a fresh perspective on traditional security practices. While Kubernetes streamlines deployment and management, it also introduces a new layer of attack surface, necessitating a nuanced approach to threat mitigation.

Cybersecurity in the Age of Regulation

Cybersecurity breaches are becoming more frequent and more impactful. Adversaries continue to grow stronger, and defenders aren’t always keeping pace. Add in the increasing number of nation-state actors in the threat landscape, and it’s hardly surprising that governments are starting to take a greater role in regulating security. On July 26th, 2023, the U.S.

Cybersecurity in the Age of Regulation - Sysdig

Cybersecurity breaches are becoming more frequent and more impactful. Adversaries continue to grow stronger, and defenders aren’t always keeping pace. On July 26th, 2023, the U.S. Securities and Exchange Commission issued new regulations on cybersecurity risk management, strategy, governance, and incident disclosure, leaving many companies concerned about how to ensure compliance with these new rules, and what changes they may need to make to get up to speed.