Open Source Security

How to Protect Container Infrastructures Against the Malware “Doki”

Fei Huang Docker Security Leave a Comment

By Fei Huang Recently, security researchers from Intezer shared an interesting case study about malware targeting public Docker environments. Security researchers have named this malware Doki. It is being downloaded and installed as a Linux backdoor. It is using the DynDNS service and a unique Domain Generation Algorithm (DGA) based on the Dogecoin cryptocurrency blockchain to find it’s controller in …

Alpine Linux Docker Image Vulnerability CVE-2019-5021

Glen Kosaka Docker Security

Attackers can login to root with no password on affected systems On May 8, 2019, a potentially serious vulnerability was announced affecting the Docker Alpine Linux container image. The vulnerability allows an attacker to authenticate as the root user with no password if using Linux PAM or other authentication means. Potentially thousands of downloads of affected images have been downloaded …

Major Docker Security Hole Discovered

Fei Huang Docker Security

By Fei Huang A new docker vulnerability affecting container security,  CVE-2019-5736 was just announced, with some calling it a ‘Doomsday Docker Security Hole.’ This is just 2 months after the critical Kubernetes vulnerability was reported allowing attackers to take control of the api server. From one of the runc maintainers Aleksa Sarai: Aleksa stated that “this docker vulnerability allows a …

NeuVector Releases New Security Integration That Extends Kubernetes’ Built-in Admission Control Capabilities

Glen Kosaka Docker Security

Announced at DockerCon Europe, the Kubernetes security company will demonstrate its integrated solution that prevents vulnerable images from being deployed in production Barcelona, Spain – December 3, 2018 – NeuVector, the leader in container network security delivering the first and only next generation container firewall, today announced the addition of new Admission Control capabilities that seamlessly integrate with Kubernetes. The …

Delivering Shift-Left Security with NeuVector and JFrog Xray

Glen Kosaka Docker Security

Bringing Kubernetes app security insights to developers By Henrik Rosendahl & Craig Peters Kubernetes, the container and orchestration tool favored by enterprises, provides great benefit in automating many aspects of application deployment at scale. But, like any emerging technology, there are perils as well. Administrators are learning that deployments of these new cloud architectures can be as vulnerable to exploits …