The AquaSec team has been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. In this attack, the attackers exploit a misconfigured Docker API port to run an Ubuntu container with the kinsing malicious malware, which in turn runs a cryptominer and then attempts to spread the malware to other containers and hosts.

Blog post from Monzo which explains how they managed to lock down egress traffic from Kubernetes using Envoy and CoreDNS.

Today many users understand that they should always pull container images from a trusted source. Sadly, you can still be compromised if you don't use the full URL of the image. Users pulling without specifying the full path leaves them open to a form of attack called image squatting.

Lessons learned from the HelloFresh team on running Istio in production.

How a Stored HTML Injection vulnerability escalated to a full Server Side Request forgery (SSRF) on an AWS EC2.

Transform is a Secrets Engine that allows Vault to encode and decode sensitive values residing in external systems such as databases or file systems. This capability allows Vault to ensure that when an encoded secret’s residence system is compromised, such as when a database is breached and its data is exfiltrated, that those encoded secrets remain uncompromised even when held by an adversary.

Collect logs, metrics, and APM data from a Kubernetes environment, and store, analyze, and visualize the resulting information in Elastic Cloud on Kubernetes, which provides a Kubernetes Operator to deploy and manage Elasticsearch and Kibana in k8s.

A Cloud-Native SIEM for analyzing logs in real-time and identifying suspicious activity that could indicate a breach. Panther also allows to identify misconfigurations, achieve compliance, and model security best practices in code.

Identify vulnerabilities in running containers, images, hosts and repositories.

Slack's TURN server allowed relaying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS.

Introductory article discussing the Role-Based Access Control (RBAC) and how you can use it to secure your cluster.

HashiCorp announced the general availability of the Integrated Storage backend for Vault with support for production workloads. Integrated Storage exists as a purely Vault internal storage option and eliminates the need to manage a separate storage backend.

Both containers running on ECS and AWS Fargate will now be able to use Amazon Elastic File System (EFS).