96% Of Third-party Container Applications Contain Known Bugs

Share post:

96% of third-party container applications deployed in the cloud infrastructure contain known vulnerabilities.

The Palo Alto Unit 42 researchers reported this in their conclusions on the growing threats organizations face in their software supply chains today.

The report also revealed that several critical misconfigurations and vulnerabilities allowed the Unit 42 team to take over the customer’s cloud infrastructure within days, even for customers with a “mature” cloud security posture.

The report states: “In most supply chain attacks, an attacker compromises a vendor and inserts malicious code in software used by customers. Cloud infrastructure can fall prey to a similar approach in which unvetted third-party code could introduce security flaws and give attackers access to sensitive data in the cloud environment. Additionally, unless organizations verify sources, third-party code can come from anyone, including an Advanced Persistent Threat.”

For Valtix CTO Vishal Jain, he suggested that companies should focus on security during construction, including scanning IaC originals used to build cloud infrastructure and security at runtime.

For more information, read the original story in ZDNet.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

Cyber Security Today, Week in Review for week ending Friday April 19, 2024

On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT d

Cyber Security Today, April 19, 2024 – Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more

This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways