containers
Kata Containers: Open-source container runtime, building lightweight VMs
Kata Containers is an open-source project dedicated to creating a secure container runtime that combines the performance and simplicity of containers with the enhanced …
Containers have 600+ vulnerabilities on average
Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container …
QScanner: Linux command-line utility for scanning container images, conducting SCA
QScanner is a Linux command-line utility tailored for scanning container images and performing Software Composition Analysis (SCA). It is compatible with diverse container …
Am I Isolated: Open-source container security benchmark
Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime …
How isolation technologies are shaping the future of Kubernetes security
In this Help Net Security interview, Emily Long, CEO at Edera, discusses the most common vulnerabilities in Kubernetes clusters and effective mitigation strategies. Long …
Strengthening Kubernetes security posture with these essential steps
In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through …
DockerSpy: Search for images on Docker Hub, extract sensitive information
DockerSpy scans Docker Hub for images and retrieves sensitive information, including authentication secrets, private keys, and other confidential data. “DockerSpy was …
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially crafted API request, …
Portainer: Open-source Docker and Kubernetes management
Portainer Community Edition is an open-source, lightweight service delivery platform for containerized applications. It enables the management of Docker, Swarm, Kubernetes, …
Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)
Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older …
Kubernetes attacks in 2023: What it means for the future
In 2023, a wave of new attacks targeting Kubernetes has been reported, from Dero and Monero crypto mining to Scarleteel and RBAC-Buster. In this Help Net Security video, Jimmy …
Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
UPDATE (September 28, 2023, 03:15 a.m. ET): The CVE-2023-5129 ID has been either rejected or withdrawn by the CVE Numbering Authority (Google), since it’s a duplicate of …
Featured news
Resources
Don't miss
- Zscaler CISO on balancing security and user convenience in hybrid work environments
- ExtensionHound: Open-source tool for Chrome extension DNS forensics
- How to use Hide My Email to protect your inbox from spam
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)
- DeepSeek’s popularity exploited by malware peddlers, scammers