VSHN.timer #93: Pentest For All

31 May 2021

Welcome to another VSHN.timer! Every Monday, 5 links related to Kubernetes, OpenShift, CI / CD, and DevOps; all stuff coming out of our own chat system, making us think, laugh, or simply work better.

This week we’re going to talk about noteworthy attacks, and how DevOps teams can proactively prevent them.

1. After a decade of NDA silence, we can finally learn all about one of the most important cyberattacks in modern history. It happened in 2011, when Chinese spies stole from RSA the secret seeds used for its SecurID devices. An equally fascinating and disturbing story, and a lesson for all of us in the industry.

https://www.wired.com/story/the-full-story-of-the-stunning-rsa-hack-can-finally-be-told/

2. We recently learnt of the ransomware attack on Swiss Cloud, a painful reminder to all of us that even our dear neutral Switzerland is exposed to the same threats as everyone else.

https://therecord.media/swiss-cloud-becomes-the-latest-web-hosting-provider-to-suffer-a-ransomware-attack/

3. Containers are the basic building block of modern Cloud Native apps; yet unaware (DevOops) engineers might inadvertently add one COPY statement too many to their Dockerfile, leaking secrets to the outside world. Ouch.

https://pythonspeed.com/articles/leaking-secrets-docker/

4. Want to feel safer online? Get yourself a Cyrillic keyboard layout. No, you don’t need to buy a new keyboard; just add that keyboard layout to your personal computer setup, even if you’re not really using it. Weird? Oh, totally.

https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/

5. The tool of the week is Kubesploit, helping DevSecOps teams to simulate real-world attacks on their own Cloud Native apps and infrastructure.

https://www.cyberark.com/resources/threat-research-blog/kubesploit-a-new-offensive-tool-for-testing-containerized-environments

Are you actively testing your systems for intrusions and attacks? What strategies do your teams apply for hardening your infrastructure? Would you like to share some tips and tricks with the community? Secure your network, get vaccinated against COVID-19, stay in touch with us, and see you next week for another edition of VSHN.timer.

PS: would you like to receive VSHN.timer every Monday in your inbox? Sign up for our weekly VSHN.timer newsletter.

PS2: check out our previous VSHN.timer editions about Security: #8, #17, #22, #27, #32, #44, #54, #62, #76, and #84.

Adrian Kosmaczewski

Adrian Kosmaczewski is responsible for Developer Relations at VSHN. He has been a software developer since 1996, as well as a trainer and published author. Adrian holds a Master's degree in Information Technology from the University of Liverpool.
