The most beautiful and inspiring aspect about open source code is, well, that it’s open source. We can look at open source packages like gifts that are exchanged between developers across the engineering world, allowing them to learn from the work other people do, contribute their own expertise, and grow their professional capabilities. Contributing to open source is much appreciated, and it is important to remember not only to benefit from these projects, but also to contribute back.

Kubernetes is a valuable resource and a leading container management system in development pipelines across the world, but it’s not exempt from malicious attacks. Using Kubernetes requires a deep understanding of Kubernetes’ environment—including the different vulnerabilities you can be exposed to while creating, deploying, or running applications in your clusters.

On March 4th, a new privilege escalation vulnerability (CVE-2022-0492) in the Linux kernel was published. It has the potential to allow container escape and take control over the entire node on which the container runs. All the CSPs and Linux distribution providers have issued patches to close this vulnerability. Unfortunately, there is no unified kernel version numbering across these platforms and some of them allow to apply a patch without changing the kernel version number.

Linux maintainers disclosed a privilege escalation vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0492 and is rated as a High (7.0) severity. The flaw occurs in cgroups permitting an attacker to escape container environments, and elevate privileges. The vulnerable code was found in the Linux Kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function.

By its general purpose nature, Open Policy Agent (OPA) allows for a unified way of dealing with policy across a wide range of use cases. One particularly interesting use case for OPA, and one which will be the focus of this series of blogs, is that of application authorization (or entitlements, or simply, authorization).

In the last few years, Kubernetes has grown exponentially in popularity. Its wide adoption can be attributed to its open source nature, flexibility, and ability to run anywhere. Developers also love the fact that you can manage everything in Kubernetes using code. kubectl is the Kubernetes-specific command line tool that lets you communicate and control Kubernetes clusters. Whether you’re creating, managing, or deleting resources on your Kubernetes platform, kubectl is an essential tool.

We’re excited to announce that infrastructure as code (IaC) and container security are joining code and open source dependency security in the free Snyk plugin for JetBrains IDEs. As of today, developers using JetBrains IDEs can secure their entire application with a click of a button. Snyk Security for JetBrains increases code security and reduces time spent on manual code reviews by empowering developers to find and fix issues within their JetBrains IDEs.

Malicious Docker containers are a relatively new form of attack, taking advantage of an exposed Docker API or vulnerable host to do their evil plotting.​​ In this article, we will walk through the triage of a malicious image containing a previously undetected-in-VirusTotal (at the time of this writing) piece of malware! Leaving a Docker API endpoint exposed to the world can have a variety of negative consequences.

Continuing with our security-first approach to Kubernetes data protection, in addition to Kubernetes Security Posture Reviews to scan your environment for vulnerabilities and misconfigurations, CloudCasa also added Cloud Security Posture Management for Amazon Web Services (AWS). Most attacks on cloud are the result of misconfigurations and mistakes, per industry analyst, Gartner. The research firm went on to forecast that through 2025, 99% of such attacks would be the customer’s fault.