Container Security: Vulnerabilities and Countermeasures

Containers offer many advantages for management, deployment, and efficient development of applications.  Like any technology, however, they are subject to attack from malicious actors, and require diligent security.  Vulnerabilities can appear in the container images themselves, in the registry where they are stored, or in the orchestration and deployment of the images.  Let’s take a look.

Image Vulnerabilities & Countermeasures

What You Need To Know About The WannaCry Ransomware Virus

On May 12 a ransomware virus, WannaCry, was released on the Internet and rapidly spread to hundreds of thousands of Microsoft Windows based computers in over 150 countries.  The malware encrypts critical files on a computer, such as Excel, Word, and other important files, and seeks out backup copies for encryption as well.  Once it infects a system, it requires the victim to pay approximately $300 in digital currency (Bitcoin), and immediately tries to find other systems to infect.

Technically News - 12/9

This week in Technically News: Battling Malware and Madware; Is PaaS the Savior of the Federal Datacenter Consolidation Initiative; Symantec Gets FISMA Certification for Shared Service Products; 7 IT Strategies for 2014; Less Malware Predicted for 2014 But New Tactics Emerge.

GovDefenders Wednesdays | Are Your Paleolithic Post-Patch and Post-Phish Processes Leaving You in a Pickle?

Last month the National Institute of Standards (NIST) database of software vulnerabilities, the National Vulnerability Database (NVD), was taken offline for several days because it was discovered that the web servers hosting the NVD, as well as other government databases, had been compromised by a software vulnerability. In this blog, I’ll review the problem; next week I’ll identify tools and processes that can help solve the problem.

GovDefenders Wednesdays | Reduce Your CyberPain: Restrict Data Access to Those with a Need to Know

Over the past few months our “situational awareness” with respect to cybersecurity has been enhanced by events including attacks on the New York Times, Twitter, and Facebook; the release of compelling evidence that much of our “CyberPain” can be traced to foreign, state-sponsored organizations; and the President’s timely Executive Order for Critical Infrastructure Cybersecurity. Have we reached a tipping point?

Cybersecurity Wednesdays | Symantec Identifies & Helps Take Down Global Cyber Crime Operation

Yesterday, Symantec and Microsoft technicians, together with U.S. federal marshals, raided data centers in Manassas, VA and Weehawken, N.J., shutting down servers, preventing users from accessing the internet, and pushing the above message to an estimated one million infected computers. If you were one of those caught in the process, while it may have been inconvenient, you were playing a small part in taking down a very big global cyber crime operation known as the Bamital botnet.