The Implications of Kubernetes Vulnerability CVE-2018-1002105

Fei Huang Container Security

By Fei Huang

The critical Kubernetes vulnerability CVE-2018-1002105 was reported this week, and its implications are a big warning to the fast-growing, massive DevOps world. The wide adoption of Kubernetes and Docker workloads is no doubt indicative of a disruptive next-generation platform technology. But of course, like the dark side of the moon, every big shiny thing may bring some challenges. So …

17 Backdoored Malicious Images Removed From Docker Hub, But Are You Really Any Safer?

Fei Huang Docker Security

By Fei Huang

Docker Hub recently removed 17 backdoored Docker images. This action came after Fortinet reported some cryptomining activity which linked back to these images. Here are some of the interesting facts: Backdoors were hidden inside the MySQL and Tomcat images, which are some of the most popular application containers on Docker Hub. These backdoored images were uploaded as …

Backdoor Found in Open Source SSH package

Fei Huang Container Security

A serious backdoor vulnerability in a popular software package was recently reported. It was found in the ssh-decorator Python package. In this open source library, a log function was sending cleartext IP addresses, login names and passwords to an external site: “ssh-decorate.cf/index.php.” This immediately became one of the hottest topics, with thousands of discussions on Reddit, Twitter …

The Ultimate Guide to Kubernetes Security

Fei Huang Container Security

How to Deploy Kubernetes Containers in Production, With Confidence

By Fei Huang and Gary Duan

Containers and tools like Kubernetes enable enterprises to automate many aspects of application deployment, providing tremendous business benefits. But these new deployments are just as vulnerable to attacks and exploits from hackers and insiders as traditional environments, making Kubernetes security a critical component for all …