This week's articles
Threat Alert: Kinsing Malware Attacks Targeting Container Environments
The AquaSec team has been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. In this attack, the attackers exploit a misconfigured Docker API port to run an Ubuntu container with the malicious kinsing malware, which in turn runs a cryptominer and then attempts to spread the malware to other containers and hosts.
Be careful when pulling images by short name
Today many users understand that they should always pull container images from a trusted source. Sadly, you can still be compromised if you don't use the full URL of the image. Pulling without specifying the full path leaves users open to a form of attack called image squatting.
Vault Transform: Protecting Secrets in External Systems
Transform is a Secrets Engine that allows Vault to encode and decode sensitive values residing in external systems such as databases or file systems. This capability allows Vault to ensure that when an encoded secret's residence system is compromised, such as when a database is breached and its data is exfiltrated, those encoded secrets remain uncompromised even when held by an adversary.
k8s-observability-with-eck
Collect logs, metrics, and APM data from a Kubernetes environment, and store, analyze, and visualize the resulting information in Elastic Cloud on Kubernetes, which provides a Kubernetes Operator to deploy and manage Elasticsearch and Kibana in k8s.
panther
A Cloud-Native SIEM for analyzing logs in real-time and identifying suspicious activity that could indicate a breach. Panther also lets you identify misconfigurations, achieve compliance, and model security best practices in code.
ThreatMapper
Identify vulnerabilities in running containers, images, hosts and repositories.
Kubernetes Authorization
Introductory article discussing Role-Based Access Control (RBAC) and how you can use it to secure your cluster.