By Fei Huang Docker Hub recently removed 17 backdoored Docker images. This action came after Fortinet reported some cryptomining activity which linked back to these images. Here are some of the interesting facts: Backdoors were hidden inside the MySQL and Tomcat images, which are some of the most popular application containers on Docker Hub. These backdoored images were uploaded as …
A serious backdoor vulnerability in a popular software package was recently reported. It was found in the ssh-decorator Python package. In this open source library, a log function was sending clear text IP addresses, login names and passwords to an external site: “ssh-decorate.cf/index.php.” This immediately became one of the hottest topics about which thousands of discussions occurred in Reddit, Twitter …
By Fei Huang This week, over 1.35 Terabits per second of traffic hit GitHub services all of a sudden. It was the most powerful distributed denial of service attack recorded to date. After only 10 minutes, GitHub had to call for help. Luckily Akamai Prolexic was able to take care of them and blocked the malicious traffic. So what happened …
By Gary Duan The Equifax data breach is one of the largest and costliest customer data leaks in history. Let’s take a closer look at the vulnerabilities and exploits reportedly used. Could the use of containers have helped protect Equifax? We’ll examine how proper security in a container based infrastructure helps to make application security more effective. The Apache Struts …
Container Visibility and Microservices Security Was Critical for Migration Project The Container Project A year ago, Arvato, a subsidiary of Bertelsmann, embarked on an ambitious plan to migrate to a microservices based architecture with Docker containers as a key enabler. The project required robust microservices security and would enable Arvato to be more effective in processing consumer and device data …