Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Containers

Securing PostgreSQL from Cryptojacking Campaigns in Kubernetes

PostgreSQL is a powerful, open-source relational database management system (RDBMS). Because of its robustness and scalability, PostgreSQL is used extensively in the cloud. Most public cloud providers including AWS, Azure and GCP provide database services to their customers based on PostgreSQL.

Deeper Dive: Updates to Our Kubernetes Essential Policy Toolkit

Last week we announced the broadest policy library and toolset for Kubernetes, Terraform and CloudFormation. This work is part of our effort to support platform engineering and cloud infrastructure teams with policy guardrails, as they work to support hundreds (or thousands) of developers. But what does this exactly mean for Kubernetes users? Today we’ll cover the Styra DAS features and policies that are now at your fingertips for those managing Kubernetes clusters.

Moving on From Pod Security Policy with OPA and Styra DAS

In this video, Styra Solutions Architect Ádám Sándor shares how teams can use OPA and Styra DAS to manage the deprecation of Kubernetes PodSecurityPolicy (PSP) in Kubernetes v1.25. Not only can OPA can work in tandem with the new Pod Security Admission, but dedicated PSP Policy Packs with Styra DAS can help automate many of these necessary changes.

HashiCorp +Styra: Validate Terraform Infrastructure using Styra DAS and Terraform Cloud

Security teams must constantly scan infrastructure for policy violations. HashiCorp’s Terraform Cloud, and Styra DAS, an OPA-based authorization management platform, work together to keep infrastructure compliant by mandating verification of Terraform configurations at provisioning.

What is Service Mesh in Microservices?

The microservice architecture involves breaking the application into small interconnected services, each performing a specific task. This breakdown enables developers to work on individual services without affecting the rest of the application, leading to more agility and easier scaling. These services communicate through APIs and, as the number of services within an application increases, developers may introduce a microservice service mesh to control all the service-to-service communication.

CVE-2023-0210

KSMBD, as defined by the kernel documentation1, is a linux kernel server which implements SMB3 protocol in kernel space for sharing files over network. It was introduced in kernel version ‘v5.15-rc1’ so it’s still relatively new. Most distributions do not have KSMBD compiled into the kernel or enabled by default. Recently, another vulnerability (ZDI-22-16902) was discovered in KSMBD, which allowed for unauthenticated remote code execution in the kernel context.

How to Prevent a DDoS Attack in the Cloud

If you want to learn how to prevent a DDoS attack in your cloud environment by detecting the early signs of compromise associated with this threat, then this article should explain most of the best practices required to secure your cloud infrastructure. From January through July 2022, Sysdig Threat Research team implemented a global honeynet system that captured numerous breaches through multiple attack vectors.