Security News

Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters. Eventually, they warn, TeamTNT may launch a more large-scale cryptojacking attack via Kubernetes environments or steal data from applications running in Kubernetes clusters.

Platform9 announced a number of new features to provide operational efficiencies for its freedom, growth, and enterprise managed Kubernetes products. "Kubernetes is on a clear glide path to broad deployment in the enterprise and Platform9's unique SaaS managed approach unburdens users from the complexities of Kubernetes while ensuring the fastest adoption possible," Maskasky explained further.

BoxBoat announced that Rancher Federal's enterprise platform for managed Kubernetes is now available through BoxBoat's Multiple Award Schedule contract with the General Services Administration. As agencies adopt Kubernetes and DevSecOps, Rancher provides audited and US-validated distributions of critical open-source products necessary to deliver cutting-edge DevSecOps.

IBM-owned Red Hat is to snaffle container security outfit StackRox and plans to fold the company's tech into its OpenShift platform. The amount being spent on the acquisition was not shared, although Crunchbase reported that StackRox has picked up more than $65m of funding in recent years, with a $26.5m investment led by Menlo Ventures as recently as September last year.

WekaIO announced that Weka File System, with its Kubernetes Container Storage Interface plug-in, has successfully completed interoperability testing with Rancher Labs' Kubernetes management platform. A complete software stack for teams adopting containers, Rancher is a leading choice for enterprises looking to run containers and Kubernetes in production.

Entrust has announced its new partnership with Mirantis and the certification of its nShield hardware security modules with the Mirantis Kubernetes Engine. Entrust nShield HSMs become the first Mirantis-certified HSMs in the market to deliver enhanced security to the Mirantis Kubernetes Engine.

For December's Patch Tuesday bug bonanza, Microsoft handed out fixes for a mere 58 vulnerabilities while various other orgs addressed shortcomings in their own software in separate, parallel announcements. In a post on Monday to a Kubernetes mailing list, Apple software engineer Tim Allclair, a member of the Kubernetes Product Security Committee, outlined a medium severity bug by which an individual with the ability to create or edit services and pods could intercept traffic from other pods/nodes in the cluster.

The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle attacks. CVE-2020-8554 is a design flaw that impacts all Kubernetes versions, with multi-tenant clusters that allow tenants to create and update services and pods being the most vulnerable to attacks.

Sysdig announced the launch of zero trust network security for Kubernetes. With total network visibility and automated rule creation, Sysdig reduces the time to implement network security from weeks to hours.

Trilio announced TrilioVault for Kubernetes v2.0, including a new management console to discover, control and manage data protection for Kubernetes applications across hybrid- and multi-cloud environments. As part of the latest TrilioVault for Kubernetes release, Trilio also announced enhanced enterprise-grade Kubernetes backup and restore capabilities, including comprehensive application support, certification of new distributions and multi-cloud enablement use cases.