Security News
The Kubernetes industry is undergoing rapid change and evolution due to the growth of edge computing, the acceleration of AI, and the pressing need to modernize Kubernetes management in response to increasing technology scale and complexity, according to Spectro Cloud. Production Kubernetes deployments usually include multiple clusters across multiple kinds of infrastructure, using multiple distributions, with multiple software in the associated stacks.
The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are to reduce risk.
Targeted at the DevSecOps practitioner or platform engineer, Kubescape, the open-source Kubernetes security platform has reached version 3.0. Reporting on the vulnerabilities of all the images in a cluster: This provides a comprehensive view of the security posture of all the images in a cluster and helps organizations prioritize remediation efforts.
Kubernetes, often abbreviated as K8s, is an open-source container orchestration platform that has redefined the way modern applications are developed, deployed, and managed. Born out of Google's internal container orchestration system, Kubernetes has become the de facto standard for containerized application management, offering a powerful and flexible platform for automating containerized applications' deployment, scaling, and management.
Three unpatched high-severity bugs in the NGINX ingress controller can be abused by miscreants to steal credentials and other secrets from Kubernetes clusters. The Register did not immediately receive a response to questions, including if the bugs have been found and exploited and when a patch will be issued.
Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the...
In 2023, a wave of new attacks targeting Kubernetes has been reported, from Dero and Monero crypto mining to Scarleteel and RBAC-Buster. In this Help Net Security video, Jimmy Mesta, CTO at KSOC, explores what it would take to protect against Kubernetes attacks in the real world.
Cybersecurity researchers have discovered a fresh batch of malicious packages in the npm package registry that are designed to exfiltrate Kubernetes configurations and SSH keys from compromised...
Three high-severity Kubernetes vulnerabilities could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. "The Kubernetes framework uses YAML files for basically everything - from configuring the Container Network Interface to pod management and even secret handling," Peled explained.
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact all Kubernetes environments with Windows nodes.