June 6, 2024 at 04:20PM Cybercriminals are exploiting misconfigured Docker containers for cryptojacking, with the recent “Commando Cat” campaign being a prime example. They utilize Docker capabilities to run malicious containers and establish a command-and-control channel for uploading malware. Organizations can mitigate risk by using certified Docker images, avoiding root privileges, conducting security audits, and … Read more
April 9, 2024 at 11:37AM Containerization has revolutionized application deployment and management, emphasizing security compliance in containerized environments. Wazuh, a free open-source security platform, addresses this need by providing visibility, granular access controls, vulnerability scanning, and monitoring for Docker and Kubernetes containers. It aids in maintaining regulatory compliance and strengthening container security, making it an … Read more
January 31, 2024 at 05:27PM Researchers uncovered four vulnerabilities in container engine components called “Leaky Vessels,” with one impacting runC and three impacting BuildKit in Docker environments. The most urgent vulnerability, CVE-2024-21626, enables container escape, potentially compromising host systems. Snyk advises updating affected components promptly. Container vulnerabilities are increasingly concerning, with high-profile cases indicating inadequate … Read more
October 24, 2023 at 08:09AM API modernization is crucial for organizations to enhance security and protect against threats like data breaches and unauthorized access. To achieve this, organizations should use strong authentication methods, encryption for data transfer, access control policies, real-time monitoring, security audits, and employee education. Gloo Gateway is a cloud-native API management solution … Read more
October 16, 2023 at 06:27PM Kaspersky has launched Kaspersky Container Security (KCS), a full-featured solution for containerized environments. KCS provides security for containerized applications during development and runtime, offering protection from cyber incidents. It consists of three main components: KCS scanner, KCS agent, and KCS server. KCS easily integrates into DevSecOps frameworks and helps ensure … Read more