Virtualization & Cloud

It’s projected that by 2027, more than 90% of global organizations will be running containerized applications, while 63% of enterprises already adopted a cloud-native strategy in their businesses in 2023.

By 2025, Gartner has projected that over half of enterprises’ expenditure on software, infrastructure, business process services, and system infrastructure will be directed toward cloud-based solutions. We have seen this trend in enterprise spending both during and after the pandemic, on top of how fast companies are shifting to the cloud.

Tools that aggregate access into multiple different environments, such as API gateways, pose a security risk for all these environments upon breach. In this article, we continue our journey through the security issues of the API Gateway landscape. Our new research focuses on another popular API gateway — Kong.

Container Advisor (cAdvisor) is an open-source monitoring tool for containers that is widely used in cloud services. It logs and monitors metrics like network input/output (I/O), disk I/O, and CPU usage. However, misconfigured deployments might inadvertently expose sensitive information, including environment variables such as Prometheus metrics. In this article, we share our findings of the risks we have uncovered and the vulnerable configurations users need to be aware of.

We delve into the multifaceted nature of cloud cyberthreats in 2024, from the stealthy dangers of data poisoning in machine learning models to the complexities of securing APIs, and more.

Attackers abuse different supply-chain scenarios to indirectly compromise organizations and applications. We delve into how a software pipeline works, where attacks could come from, and how to improve security.

Kubernetes, also known as K8s, is a very complex open-source platform that requires detailed attention to security. Despite previous efforts to increase its security, Kubernetes remains insecure by default and requires different security tools to protect the cluster.

In this entry, we continue delving into an investigation of exposed registries and look at the types of files and information that malicious actors can access and compromise from these.

In this entry, we will discuss publicly exposed registries, which are repositories or databases containing information accessible to the public without the need for authentication.