2020 was a busy year for Docker and Snyk! In the same year, we announced (and released) Snyk-powered vulnerability scanning within Docker Desktop and Docker Hub. We expect 2021 to be bigger as we grow these products and release Snyk-secured Docker Official Images.

In order to meet the increasing demand for OPA in EMEA, Styra and Amazic have signed a distributor agreement. With Amazic network of partners and resellers, Styra will significantly increase the reach and ability to support OPA users across the region. I’m excited to announce that Styra is now partnering with Amazic in Europe! Amazic empowers the IT individual by providing them with a unique platform of brands to discover, learn, purchase and market the latest IT technologies.

As a developer of copy data management and data protection products for 20+ years, Catalogic Software has considerable experience in securing and protecting our customers’ data. For our new CloudCasa backup service for Kubernetes and cloud native databases, security is built into every step of the service using a modern DevSecOps approach. In addition, we are adding new capabilities to meet specific enterprise security and data custodian and governance requirements.

The defense evasion category inside MITRE ATT&CK covers several techniques an attacker can use to avoid getting caught. Familiarizing yourself with these techniques will help secure your infrastructure. MITRE ATT&CK is a comprehensive knowledge base that analyzes all of the tactics, techniques, and procedures (TTPs) that advanced threat actors could possibly use in their attacks. Rather than a compliance standard, it is a framework that serves as a foundation for threat models and methodologies.

Modern organizations are working hard to differentiate their products and services by creating innovative solutions that their customers can leverage at home and on-the-go, forcing them to consider new, more agile approaches to application development that empower their development teams to accelerate time-to-market, and launch new solutions as quickly as possible.

AT&T Alien Labs™ has identified a new tool from the TeamTNT adversary group, which has been previously observed targeting exposed Docker infrastructure for cryptocurrency mining purposes and credential theft. The group is using a new detection evasion tool, copied from open source repositories. The purpose of this blog is to share new technical intelligence and provide detection and analysis options for defenders.

In order to make policy decisions we commonly need to know the identity of the caller. Traditionally this has often been done by providing a user or client identifier along with the request, and using that identifier to look up further information like user details or permissions from a remote data source. While this model works fairly well for many applications, it scales poorly in distributed systems such as microservice environments.

Docker is totalling up to over 50 billion downloads of container images. With millions of applications available on Docker Hub, container-based applications are popular and make an easy way to consume and publish applications. That being said, the naive way of building your own Docker Node.js web applications may come with many security risks. So, how do we make security an essential part of Docker for Node.js developers?