By Fei Huang Recently, security researchers from Intezer shared an interesting case study about malware targeting public Docker environments. Security researchers have named this malware Doki. It is being downloaded and installed as a Linux backdoor. It is using the DynDNS service and a unique Domain Generation Algorithm (DGA) based on the Dogecoin cryptocurrency blockchain to find it’s controller in …
By Fei Huang, Chief Strategy Officer and co-founder, NeuVector We made it! We’re halfway through 2020 and we’ve all adjusted to a new way of working. In the technology world, based on what we see, the migration to Cloud Computing isn’t slowing down. In fact, some verticals are accelerating cloud adoption. A cloud infrastructure is the solution of choice to …
By Fei Huang Every cloud application and service utilizes a key (secret) to identify and authorize communications. Secrets are also used to authorize access to containerized applications which require a login. These credentials are widely used by public facing services as well as internal and external REST API’s everywhere. Examples include the AWS IAM access key, Google API access token, …
By Fei Huang What is Serverless? The nature of a serverless computing framework is to abstract applications at much higher level to provide portability, resource utilization and cost benefits. For example delivering API level or function level code that can run only when needed. Ideally, after developers have checked in code, a serverless computing framework will take over control of …
By Fei Huang A new docker vulnerability affecting container security, CVE-2019-5736 was just announced, with some calling it a ‘Doomsday Docker Security Hole.’ This is just 2 months after the critical Kubernetes vulnerability was reported allowing attackers to take control of the api server. From one of the runc maintainers Aleksa Sarai: Aleksa stated that “this docker vulnerability allows a …