#containersecurity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #containersecurity, aggregated by home.social.
-
While #Docker makes it easy to start and manage containers, a host system is still required to run them. These systems form the infrastructure on which containers run and are covered by objective 702.3 of the DevOps Tools Engineer 2.0 exam.
Dive into episode 8 of the DevOps 2.0 introduction series to learn more from Fabian Thorns and Uirá Ribeiro: https://lpi.org/5nix
#DevOps #Containers #Docker #ContainerImages #ContainerSecurity
-
☁️ Cloud Security Toolkit – What Modern Teams Actually Need 🛡️
The cloud changed everything — speed, scale, AND attack surface. Security now happens at runtime, at identity level, and inside every pipeline. If your tools can’t see everything, they’re already failing.
Core Categories to Lock In:
• CSPM → Posture & misconfig checks (Prisma Cloud, Wiz, Dome9)
• CWPP → Runtime protection for VMs & containers (CrowdStrike, Aqua, Trend Micro)
• CASB → SaaS visibility & data control (Netskope, MS Defender for Cloud Apps)
• IAM → Hardening identity (AWS IAM, Azure AD, Okta, BeyondTrust)
• SIEM / Threat Detection → Splunk, Sumo Logic, Datadog + cloud logs
• Vuln & Config Scanning → Tenable, Trivy, Qualys for IaC & images
• Secrets Management → HashiCorp Vault, AWS Secrets Manager
• CI/CD Supply Chain Defense → Snyk, Checkov, GitHub Advanced Security
🧠 Cloud Rule:
Attackers don’t break in — they log in. Identity is the new perimeter.
Always what do you guys think?
⚠️ Use responsibly. Test in staging before production. Map every tool to your threat model, compliance framework, and provider stack.
#CloudSecurity #DevSecOps #CSPM #IAM #CWPP #SIEM #ContainerSecurity #InfoSec #CyberDefense #HacktivateLabs #SecurityTools
-
Alert: Three critical runC vulnerabilities (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) enable mount/symlink-based escapes that may redirect writes to /proc or other host targets. A successful exploit requires container start privileges via crafted mounts or malicious images/Dockerfiles. Patches: runC 1.2.8 / 1.3.3 / 1.4.0-rc.3+.
Detection & mitigation guidance:
• Patch runC immediately.
• Deploy rootless containers and enable user namespaces without host root mapping.
• Monitor for rapid symlink creation, unexpected bind mounts of /dev/null or /dev/console, and anomalous writes to procfs entries (e.g., /proc/sysrq-trigger).
• Harden CI/CD image provenance checks and disallow unverified custom mount configurations.
Share any YARA/OSQuery/Suricata rules you’ve validated — let’s collate detection patterns. Follow TechNadu for vetted technical advisories.
#containersecurity #runC #CVE #Kubernetes #Docker #threathunting #DFIR #DevSecOps
-
Need Nmap in a locked-down container? Build it yourself... safely.
Ever tried running Nmap in a hardened environment only to hit missing libraries? Downloading random static binaries from the internet is a risky endeavour.
Our Gabriel Garcia Teran walks through building your own Nmap, and has made a Go interactive tool that lets you select flags and versions, then generates and runs the full build command.
No black-box downloads!
📌 Read here: https://www.pentestpartners.com/security-blog/compiling-static-nmap-binary-for-jobs-in-restricted-environments/
#cybersecurity #nmap #redteam #containersecurity #infosec #devsecops
-
Imagine getting enterprise-grade container security without the enterprise price tag. Docker’s new catalog offers rapid 7-day patches, vetted by experts and even FedRAMP-ready—perfect for startups looking to level up their defense. Curious how?
#dockersecurity
#containersecurity
#smallbusiness
#hardenedimages
#cybersecurity
#fedramp
#devsecops
#vulnerabilitymanagement
#cloudsecurity
-
☁️ Cloud Security Tools — Essential Toolkit for Modern Teams 🛡️🚀
Cloud environments introduce new risks and require specialized tooling to secure workloads, configurations, and data. Use a mix of CSP-native and third-party tools to cover posture management, runtime protection, identity, and visibility. Key categories and examples: Cloud Security Posture Management (CSPM) — Prisma Cloud, Dome9, Wiz for misconfig & compliance checks 🔍; Cloud Workload Protection (CWPP) — CrowdStrike, Trend Micro, Aqua for container and VM runtime defense 🐳🛡️; Cloud Access Security Broker (CASB) — Netskope, Microsoft Defender for Cloud Apps for SaaS visibility & data control ☁️🔐; Identity & Access Management — AWS IAM/Azure AD hardening, BeyondTrust, Okta for strong auth & least privilege 🔑; Threat Detection & SIEM — Splunk, Sumo Logic, Datadog + cloud-native logging for alerting and forensics 📊; Vulnerability & Configuration Scanning — Qualys, Tenable, Trivy for images and infra-as-code scanning ⚙️; Secrets Management — HashiCorp Vault, AWS Secrets Manager for safe key handling 🔐; and Supply-chain & CI/CD security — Snyk, Checkov, GitHub Advanced Security to catch insecure deps and pipelines 🧩.
⚠️ Disclaimer:
For educational & defensive use only. Evaluate tools against your cloud provider, compliance needs, and threat model before deploying. Always test changes in staging before production. 🚫🔒
#CloudSecurity #CSPM #CWPP #IAM #DevSecOps #InfoSec #Cloud #CyberSecurity #SecurityTools #Compliance #ContainerSecurity ☁️🛡️
-
Discover how eBPF, Cilium, and Tetragon enhance container security with real-time kernel-level insights. Learn to combine these tools with SBOMs for robust security monitoring. Boost your skills with OS-SCi education programs! #ContainerSecurity #eBPF #Cilium #Tetragon #SBOMs https://dub.sh/cZVQvk6
-
JFrog prevents massive Python supply chain attack with timely discovery
https://stackdiary.com/jfrog-prevents-massive-python-supply-chain-attack-with-timely-discovery/
#Python #JFrog #Security #TokenLeak #GitHub #Docker #SupplyChain #CodeSafety #Cybersecurity #DevOps #BinaryAnalysis #PyPI #SoftwareSecurity #TechAlert #DataProtection #CodingMishap #InfoSec #DeveloperTools #CloudSecurity #EthicalHacking #APISecrets #ContainerSecurity #BugBounty #WhiteHat #SecretScanning #PythonDev #IncidentResponse #ThreatPrevention #SecurityResearch #CyberVigilance
-
For all those at #RSAC2023, stop by booth 5227 to say hi to Team #Runecast – there to answer any questions about transforming to proactive, #AI-powered #Vulnerability Management, #ContainerSecurity, #Compliance, #Remediation and Reporting. Glad to see they’re having a great time! 👏🏽
-
If you want to see some truly ‘cutting-edge’ AI-powered magic for proactive risk-based #Vulnerability Management, #ContainerSecurity, #RiskManagement, #Compliance, #Upgrade Simulations and other ways of going home on time and not having to work weekends, stop by #Runecast booth 5227 at #RSAC2023.
-
“Distroless” does not immediately mean 100% secure.
Exploiting Distroless Images »
https://www.form3.tech/engineering/content/exploiting-distroless-images