
How to meet 24 Google Cloud Platform (GCP) security best practices using open source Cloud Custodian and Falco

You’ve got a problem to solve and turned to Google Cloud Platform to build and host your solution. You create your account and are all set to brew some coffee and sit down at your workstation to architect, code, build, and deploy. Except… you aren’t. There are many knobs you must tweak and practices to put into action if you want your solution to be operative, secure, reliable, performant, and cost effective.

How to mitigate kubelet's CVE-2021-25741: Symlink exchange can allow host filesystem access

CVE-2021-25741 is a newly discovered vulnerability in Kubernetes that allows users to create a container with subpath volume mounts that can access files and directories outside of the volume, including on the host filesystem. It was disclosed in September 2021 and affects kubelet, the node agent that runs on each Kubernetes node. In particular, CVE-2021-25741 affects kubelet in these Kubernetes versions.

Snyk Container registry security integrations extended to GitHub, GitLab, Nexus, DigitalOcean, and more

We’re excited to share that you can now use Snyk Container to scan container images stored in many more container registries. The latest additions include GitHub Container Registry, Nexus, DigitalOcean, GitLab Container Registry, and Google Artifact Registry.

Why securing internet-facing applications is challenging in a Kubernetes environment

Internet-facing applications are among the workloads most targeted by threat actors. Securing this type of application is a must in order to protect your network, but the task is more complex in Kubernetes than in traditional environments and poses its own challenges. Not only are threats magnified in a Kubernetes environment, but internet-facing applications in Kubernetes are also more vulnerable than their counterparts in traditional environments.

Policy Bundle Registry for Styra DAS Enterprise

One of the most critical aspects of managing policy-as-code at scale is ensuring safety when deploying policy changes to production workloads. A misconfiguration or errant rule can lead to consequences such as overly permissive systems, service outages, and other forms of application or platform issues.

Use Kubescape to check if your Kubernetes clusters are exposed to the latest K8s Symlink vulnerability (CVE-2021-25741)

A new HIGH severity vulnerability was found in Kubernetes in which users may be able to create a container with subpath volume mounts that can access files and directories outside of the volume, including on the host filesystem. The issue affects the kubelet component of Kubernetes (the kubelet is the primary "node agent" that runs on each node; it registers the node with the apiserver and launches pods on it).

Five takeaways from my first year at Styra, the founders of Open Policy Agent

It has been one year since I joined Styra as the first European hire, and what a year it has been! Not only have we significantly grown our customer footprint with enterprises such as Zalando, the European Patent Office and Extenda Retail, but the EMEA team has been growing at a rapid pace across engineering, sales, customer success and open source! I thought I’d share some takeaways on the industry and market from my interactions with customers and the community.

Kubernetes network segmentation using native controls

Network segmentation is almost as old as computer networking. It evolved from switches to routers and firewalls, and as modern networks matured, the ability to control traffic through operating-system-native functionality evolved as well. Native controls such as iptables became the lingua franca, alongside access control lists, process isolation, and more. Native controls are not a new concept.

Styra DAS: Building for the Open Policy Agent community

It’s been a great year so far for the Open Policy Agent (OPA) project and community. OPA achieved graduated status in the Cloud Native Computing Foundation (CNCF) in February and is quickly nearing 100 million downloads! With all this growth, we were excited to see the results of the second annual Open Policy Agent user survey. As I mentioned in my post on the Open Policy Agent blog, we survey the community to help better steer the project's long-term roadmap in the right direction.

Confidently deliver HIPAA compliance software with Sysdig Secure

HIPAA, the Health Insurance Portability and Accountability Act, is one of the compliance standards that public and private healthcare companies need to address in order to build and maintain public trust in telemedicine. During the COVID-19 pandemic, telemedicine has been the solution for absorbing the excess influx of patients to hospitals and health centers while avoiding their unnecessary exposure.