Security News

Argo CD vulnerability leaks sensitive info from Kubernetes apps
2022-02-04 15:43

A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. Threat actors can exploit the vulnerability by loading a malicious Kubernetes Helm Chart YAML file onto the target system, allowing the extraction of sensitive information from other applications.

Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now
2022-02-04 15:22

A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart. The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes.

Linux kernel bug can let hackers escape Kubernetes containers
2022-01-25 16:56

A vulnerability affecting the Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system. CVE-2022-0185 is a heap-based buffer overflow vulnerability in the "File System Context" Linux kernel component that can lead to an out-of-bounds write, denial of service, and arbitrary code execution.

Big data moving to Kubernetes with speed, complexities arising
2021-12-23 03:30

Pepperdata announced the results of a new survey to gauge the pace at which enterprises are migrating big data applications to Kubernetes containers. Kubernetes is the preferred container orchestration technology for its agility, speed and efficiency for scaling and managing apps and infrastructure.

Are you making good progress with Kubernetes? Cybercriminals are progressing faster
2021-10-06 19:00

If you're congratulating yourself on your progress adopting Kubernetes, just consider that the cybercriminals have been poring over it too. Does your Kubernetes deployment support multiple components and services across multiple nodes, all spawning data, the hijacking of which could bring your operations to a shuddering halt? Great.

Sure, you can do Kubernetes at scale. But can you do it securely too?
2021-10-01 18:00

Doing cloud native at enterprise scale is no mean feat, but doing it securely is the real challenge. Who do you turn to for practical guidance? To help you better understand and navigate the challenges enterprise scale brings, KubeSec Enterprise vSummit will focus on real-world enterprise experience in securing production environments.

IT executives do not believe their business can have both a flexible and usable Kubernetes environment
2021-09-29 04:27

A Dimensional Research survey shares Kubernetes best practices and key insights about the rapidly growing and evolving use of Kubernetes within businesses. The findings of the survey highlight the need for continued innovation in the way Kubernetes and its related ecosystem are used and managed in real production environments in order to further bridge the gap between Information Technology Operations and Development Operations teams across organizations.

Week in review: How to retain best cybersecurity talent, securing Kubernetes, data decay
2021-09-26 08:00

Securing Kubernetes as it becomes mainstream: In this interview with Help Net Security, Shauli Rozen, CEO at ARMO, talks about securing Kubernetes systems, what makes them susceptible to cyberattacks and what organizations should expect when deploying them. What businesses need to know about data decay: Data decay is the aging and obsolescence of data in such a way that makes it no longer usable due to loss of its integrity, completeness, and accuracy.

Securing Kubernetes as it becomes mainstream
2021-09-20 05:30

In this interview with Help Net Security, Shauli Rozen, CEO at ARMO, talks about securing Kubernetes systems, what makes them susceptible to cyberattacks and what organizations should expect when deploying them. High value targets - as Kubernetes becomes more mainstream, used by more companies, in more environments, it is now placed in places with high value, it is no longer just in a small workload somewhere, a test application, or a "Software playground" - it is right there in the core of production environment and in an extremely fast rising number of organizations.

‘Azurescape’ Kubernetes Attack Allows Cross-Container Cloud Compromise
2021-09-09 16:39

In the multitenant architecture, each customer's container is hosted in a Kubernetes pod on a dedicated, single-tenant node virtual machine, according to the analysis, and the boundaries between customers are enforced by this node-per-tenant structure. "Since practically anyone can deploy a container to the platform, ACI must ensure that malicious containers cannot disrupt, leak information, execute code or otherwise affect other customers' containers," explained researchers.