Articles tagged with: #container
Shrinking the Kernel Attack Surface Through Static and Dynamic Syscall Limitation

cs.CR updates on arXiv.org arxiv.org

arXiv:2510.03720v1 Announce Type: new Abstract: Linux Seccomp is widely used by the program developers and the system maintainers to secure the operating systems, which can block unused syscalls for different applications and containers to shrink the attack surface of the operating systems. However, it is difficult to configure the whitelist of a container or application without the help of program developers. Docker containers block about only 50 syscalls by default, and lots of unblocked...

gh0stEdit: Exploiting Layer-Based Access Vulnerability Within Docker Container Images

cs.CR updates on arXiv.org arxiv.org

arXiv:2506.08218v2 Announce Type: replace Abstract: Containerisation is a popular deployment process for application-level virtualisation using a layer-based approach. Docker is a leading provider of containerisation, and through the Docker Hub, users can supply Docker images for sharing and re-purposing popular software application containers. Using a combination of in-built inspection commands, publicly displayed image layer content, and static image scanning, Docker images are designed to...

Falcon Image Analyzer vs Image Assessment

CrowdStrike www.reddit.com

I am looking to understand how to differentiate the vulnerability findings from Falcon Image Analyzer on the container vs Image Assessment from ECR. We have both deployed but having a hard time differentiating "where" the vulnerabilities came from within the UI. submitted by /u/ITS_CONQUEEFTADOR

ML Models in Production: The Security Gap We Keep Running Into

cybersecurity www.reddit.com

Hey r/cybersecurity, I've been working with organizations deploying ML models to Kubernetes, and there's a massive security gap that doesn't get enough attention. Most teams are treating models like they're just another application when they're fundamentally different from a security perspective. The Problem: Most orgs have solid security for their traditional apps - container scanning, RBAC, the works. But ML models? They're a different beast entirely: Models aren't just code - They're 5-50GB...

I had an idea to maybe reduce email phishing effects

cybersecurity www.reddit.com

There is a chance that this idea already exists, but maybe not. So the idea is to simply open emails (and the links within) in a docker-like container and monitor what the link does and determine whether or not the link is malicious. If anyone knows software that has this implemented please let me know the name. submitted by /u/cama888

How "in the weeds" are you in devops, automation, and containerization

cybersecurity www.reddit.com

Fellow cybersecurity professionals - how deep in the weeds are you getting these days? It feels like the lines between compliance, auditing, security engineering, DevOps pipelines, and container orchestration are blurring more and more. One week I'm knee-deep in Cisco configs, the next I'm writing automation scripts to enforce compliance at scale, and somehow still getting pulled into incident response. Are you finding yourself: Writing more Terraform/Ansible than traditional security...

A High-performance Real-time Container File Monitoring Approach Based on Virtual Machine Introspection

cs.CR updates on arXiv.org arxiv.org

arXiv:2509.16030v1 Announce Type: new Abstract: As cloud computing continues to advance and become an integral part of modern IT infrastructure, container security has emerged as a critical factor in ensuring the smooth operation of cloud-native applications. An attacker can attack the service in the container or even perform the container escape attack by tampering with the files. Monitoring container files is important for APT detection and cyberspace security. Existing file monitoring...

Nokia CBIS/NCS Manager API Vulnerability Let Attackers Bypass Authentication

Cyber Security News cybersecuritynews.com

A critical authentication bypass vulnerability has emerged in Nokia's CloudBand Infrastructure Software (CBIS) and Nokia Container Service (NCS) Manager API, designated as CVE-2023-49564. This high-severity flaw, scoring 9.6 on the CVSS v3.1 scale, enables unauthorized attackers to circumvent authentication mechanisms through specially crafted HTTP headers, potentially granting complete access to restricted API endpoints without valid

Security team keeps slowing down our CI/CD

cybersecurity www.reddit.com

Feels like every deploy gets harder. Security keeps adding more scanners that take ages and fail on random issues. Now they want every container image scanned for vulnerabilities. Fine in theory, but each scan takes 20 minutes and blocks the build if it finds some outdated openssl package that's not even in use. Meanwhile, devs are skipping the pipeline and pushing straight to prod because "it's broken again." How are you handling the balance between security checks and actually shipping code?...

Broadcom's New Bitnami Restrictions? Migrate Easily with Docker

Docker www.docker.com

For years, Bitnami has played a vital role in the open source and cloud-native community, making it easier for developers and operators to deploy popular applications with reliable, prebuilt container images and Helm charts. Countless teams have benefited from their work standardizing installation and updates for everything from WordPress to PostgreSQL. We want to acknowledge

ASPM in CI/CD - any success?

cybersecurity www.reddit.com

Tried adding ASPM into our SDLC a couple of times and it was a mess; too much noise, plus broken builds. Lately I see more tools claiming "native CI/CD support." Does anyone here have it running smoothly in prod? Especially with IaC or container pipelines. submitted by /u/llggll

AWS services scale to new heights for Prime Day 2025: key metrics and milestones

AWS News Blog aws.amazon.com

Amazon Prime Day 2025 achieved record-breaking sales with enhanced AI shopping features, while AWS infrastructure handled unprecedented volumes of data - including 1.7 trillion Lambda invocations per day, DynamoDB peaking at 151 million requests per second, and a 77% increase in Fargate container tasks - showcasing the massive scalability required to power the four-day shopping event.

Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

The Hacker News thehackernews.com

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3. "A malicious container running on Docker Desktop could access the

Simplify Your Docker Management with Portainer

cylab.be cylab.be

Docker and containers have revolutionized the way we build, ship, and run applications! However, managing multiple containers and services can become increasingly complex. That's where Portainer comes in! This powerful and intuitive container management web application makes it easy to deploy, manage, and monitor your Docker environments.

Windows Docker Desktop Vulnerability Leads to Full Host Compromise

Cyber Security News cybersecuritynews.com

A newly disclosed vulnerability in Docker Desktop for Windows has revealed how a simple Server-Side Request Forgery (SSRF) attack could lead to complete host system compromise. CVE-2025-9074, discovered by Felix Boulet and reported on August 21, 2025, affects all Docker Desktop versions prior to 4.44.3 and demonstrates how container isolation can be completely bypassed through

Prototyping an AI Tutor with Docker Model Runner

Docker www.docker.com

Every developer remembers their first docker run hello-world. The mix of excitement and wonder as that simple command pulls an image, creates a container, and displays a friendly message. But what if AI could make that experience even better? As a technical writer on Docker's Docs team, I spend my days thinking about developer experience.