Tag: container
-
An NVIDIA Container Bug & Chance to Harden Kubernetes
A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/nvidia-container-bug-harden-kubernetes
-
A NVIDIA Container Bug & Chance to Harden Kubernetes
A container escape flaw involving the NVIDIA Container Toolkit could have enabled a threat actor to access AI datasets across tenants. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/nvidia-container-bug-harden-kubernetes
-
How to Chart an Exposure Management Leadership Path for You, Your Boss and Your Organization
Tags: access, attack, automation, breach, business, ciso, cloud, container, cybersecurity, data, defense, exploit, identity, incident response, iot, jobs, kubernetes, ransom, regulation, risk, security-incident, service, soc, threat, tool, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we share some tips on how to lead the move to exposure management. You can read the entire Exposure Management Academy series here. For years, organizations poured resources into reactive…
-
Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks
Tags: advisory, ai, attack, authentication, breach, business, cloud, container, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, finance, firmware, group, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iran, mfa, military, network, password, risk, russia, service, strategy, tactics, technology, terrorism, threat, tool, update, vulnerability, vulnerability-managementThe current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know, and how Tenable can help. The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security’s (DHS) National Terrorism Advisory…
-
The Toxic Cloud Trilogy: Why Your Workloads Are a Ticking Time Bomb
Tags: access, attack, breach, business, cloud, container, credentials, cve, data, data-breach, detection, exploit, group, iam, identity, infrastructure, Internet, least-privilege, mitigation, monitoring, network, remote-code-execution, risk, service, vulnerabilityDon’t let hidden cloud risks become tomorrow’s headline breach. The time to dismantle the toxic cloud trilogy is now. Here’s how Tenable Cloud Security can help. In today’s cloud environments, individual misconfigurations or vulnerabilities are dangerous, but it’s their combinations that can lead to catastrophic breaches. The Tenable Cloud Security Risk Report 2025 reveals that…
-
How to make your multicloud security more effective
Tags: ai, automation, ciso, cloud, container, control, data, infrastructure, LLM, risk, risk-analysis, software, technology, threat, toolIs it time to repatriate to the data center?: Perhaps. Some organizations, such as Zoom, have moved workloads to on-premises because it provides more predictable performance for real-time needs of their apps. John Qian, who once worked there and now is the CISO for security vendor Aviatrix, tells CSO that Zoom uses all three of…
-
Attackers Use Docker APIs, Tor Anonymity in Stealthy Crypto Heist
The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/attackers-docker-apis-tor-anonymity-crypto-heist
-
10 tough cybersecurity questions every CISO must answer
2. How can we achieve the right security balance for our company’s risk tolerance?: To play that consultative role, CISOs also need to ask and answer that question, says Vandy Hamidi, CISO of public accounting and advisory firm BPM.”My role is to reduce risk in a way that enables the business to operate confidently while…
-
Amazon EKS Flaws Expose AWS Credentials and Enable Privilege Escalation
Recent research has uncovered critical security flaws in Amazon Elastic Kubernetes Service (EKS) that could expose sensitive AWS credentials and enable privilege escalation within cloud environments. The vulnerabilities, rooted in misconfigurations and excessive container privileges, highlight the ongoing challenges of securing Kubernetes-based container platforms at scale. Amazon EKS is a managed service that simplifies running…
-
Kernel-level container insights: Utilizing eBPF with Cilium, Tetragon, and SBOMs for security
As applications become more distributed, traditional monitoring and security tools are failing to keep pace. This article explores how eBPF, when utilized by the graduated … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/18/ebpf-cilium-tetragon-sboms-security/
-
Improving Java Container Security with Chainguard and Azul
Chainguard provides hardened, zero-CVE container images (Chainguard Containers) that enable companies to achieve speed, security and scalability. Now, through a strategic partnership between Azul and Chainguard, Chainguard will build from source Java container images that incorporate Azul’s commercially supported build of OpenJDK that’s part of Azul Platform Core. This integration enables enterprises to continue to……
-
Why We’re Going All In on Application Protection – Impart Security
Tags: access, ai, application-security, attack, business, captcha, container, control, cybersecurity, detection, framework, infrastructure, intelligence, monitoring, network, programming, risk, software, startup, threat, tool, update, vulnerabilityWhen we started Impart, the cybersecurity world was obsessed with visibility. Every startup was racing to build the next agentless monitoring platform, building broad sets of product features across multiple areas while carefully sidestepping the unglamorous reality of actually securing anything. Coming from the world of WAF in the trenches of real security enforcement, this felt…
-
Researchers Reveal Container-Based Attacks Through Host-Based Log Analysis
Cybersecurity researchers have shed light on the often-underestimated vulnerabilities in containerized environments, emphasizing the critical role of host-based log analysis in uncovering sophisticated attacks. Containers, widely adopted for their ability to encapsulate application dependencies and ensure deployment consistency, are frequently perceived as highly isolated. However, as experts have now demonstrated, this isolation is far from…
-
Frequently Asked Questions About BadSuccessor
Frequently asked questions about “BadSuccessor,” a zero-day privilege escalation vulnerability in Active Directory domains with at least one Windows Server 2025 domain controller. Background Tenable’s Research Special Operations (RSO) and the Identity Content team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a newly disclosed zero-day in Active Directory called BadSuccessor. FAQ…
-
The Sequential Kill Chain for AI FireTail Blog
May 30, 2025 – Timo Rüppell – The Sequential Kill Chain for AI-Powered Attacks Excerpt: We’ve talked before about Mean Time To Attack, or MTTA, which has grown alarmingly short for new vulnerabilities across the cyber landscape. In this blog, we’ll dive into the “how” and “why” of this”¦ Summary: In our current cyber landscape,…
-
New Self-Spreading Malware Infects Docker Containers to Mine Dero Cryptocurrency
Misconfigured Docker API instances have become the target of a new malware campaign that transforms them into a cryptocurrency mining botnet.The attacks, designed to mine for Dero currency, is notable for its worm-like capabilities to propagate the malware to other exposed Docker instances and rope them into an ever-growing horde of mining bots.Kaspersky said it…
-
Apache Tomcat RCE Vulnerability Exposed with PoC Released
Tags: apache, container, control, cve, cyber, data-breach, flaw, malicious, open-source, rce, remote-code-execution, vulnerabilityA critical security vulnerability, tracked as CVE-2025-24813, has been discovered in Apache Tomcat, a widely used open-source Java servlet container and web server. This flaw, stemming from improper handling of file paths, particularly those containing internal dots (e.g., file.Name)”, can allow attackers to bypass security controls, leading to remote code execution (RCE), information disclosure, and…
-
How Hunters International Used the Browser to Breach Enterprises”Š”, “ŠAnd Why They Didn’t See It”¦
How Hunters International Used the Browser to Breach Enterprises”Š”, “ŠAnd Why They Didn’t See It Coming At RSAC 2025, Cato Networks delivered a presentation that SOC teams and CISOs will want to pay attention to: “Suspicious Minds”Š”, “ŠHunting Threats That Don’t Trigger Security Alerts.” The session showcased ransomware campaigns that bypassed traditional detection. In some cases,…
-
Getarnte Krypto-Miner kapern Docker-Container
Eine neue, raffiniert angelegte Cyberkampagne nutzt Schwachstellen in öffentlich erreichbaren Docker-APIs aus. Ziel ist es, Container-Umgebungen mit Krypto-Mining-Malware zu infizieren und das mit hohem Automatisierungsgrad. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/krypto-miner-docker
-
Russian APT28 compromised Western logistics and IT firms to track aid to Ukraine
Tags: access, advisory, api, authentication, cctv, cloud, computer, container, credentials, cve, cybersecurity, data, detection, email, exploit, flaw, government, hacker, identity, infrastructure, Internet, login, malicious, malware, mfa, military, network, ntlm, office, open-source, password, phishing, powershell, russia, service, software, threat, tool, ukraine, vulnerabilityCredential guessing and spearphishing: The attackers used brute-force credential guessing techniques, also known as password spraying, to gain initial access to accounts. This was complemented with targeted phishing emails that directed recipients to fake login pages for government entities or Western cloud email providers. These phishing pages were stored on free web hosting services or…
-
How to prevent data leakage in your AI applications with Tonic Textual and Snowpark Container Services
Tonic Textual provides advanced Named Entity Recognition (NER) and synthetic replacement of sensitive free-text data. Today, we are excited to announce that Tonic Textual is now available on the Snowflake Data Platform via Snowpark Container Services (SPCS). SPCS enables you to run containerized workloads directly within Snowflake, ensuring that your data doesn’t leave your Snowflake…
-
How Identity Plays a Part in 5 Stages of a Cyber Attack
Tags: access, attack, authentication, breach, cloud, computer, container, control, credentials, cyber, data, data-breach, detection, endpoint, exploit, group, iam, identity, intelligence, malicious, malware, mfa, microsoft, monitoring, password, powershell, ransomware, risk, technology, threat, tool, vulnerabilityWhile credential abuse is a primary initial access vector, identity compromise plays a key role in most stages of a cyber attack. Here’s what you need to know, and how Tenable can help. Identity compromise plays a pivotal role in how attackers move laterally through an organization. Credential abuse is the top initial access vector,…
-
Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication
Tags: api, attack, container, crypto, cyber, cybersecurity, data-breach, docker, exploit, infrastructure, kaspersky, malicious, malwareA novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to spread malicious containers and mine Dero cryptocurrency. Dubbed a “Docker zombie outbreak” by cybersecurity researchers at Kaspersky, this attack leverages a self-replicating propagation mechanism to transform compromised containers into “zombies” that mine cryptocurrency and infect new victims. The campaign, detected…
-
BadSuccessor: Unpatched Microsoft Active Directory attack enables domain takeover
Tags: access, attack, authentication, computer, container, control, credentials, group, microsoft, network, password, powershell, service, updatemsDS-DelegatedMSAState, which indicates whether the migration process is unknown, in progress, or completed; msDS-ManagedAccountPrecededByLink, which indicates the superseded account; and msDS-GroupMSAMembership, which indicates which principals (users, groups, and computers) can authenticate as the account.Once migration to a dMSA account is complete, any machine that authenticates as the superseded service account will receive from Domain Controller…
-
Für Kryptomining: Neuer Zombie-Trojaner beißt sich durch Docker-Container
Nginx ist nicht nur ein Webserver. Ein Trojaner missbraucht diesen Namen, um unbemerkt und automatisiert Docker-Container zu infiltrieren. First seen on golem.de Jump to article: www.golem.de/news/fuer-kryptomining-neuer-zombie-trojaner-beisst-sich-durch-docker-container-2505-196424.html
-
Containers are just processes: The illusion of namespace security
In the early days of commercial open source, major vendors cast doubt on its security, claiming transparency was a flaw. In fact, that openness fueled strong communities and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/20/containers-namespaces-security/
-
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…