Security News

Building for transactional workloads is the primary concern around deploying Kubernetes
2021-08-31 03:30

The number one challenge around running Kubernetes in production, as named by survey participants: deployment of data-intensive transactional workloads. Kubernetes adoption challenge Many organizations use Kubernetes now, but how they use it diverges sharply.

Kubescape helps admins manage Kubernetes securely
2021-08-24 05:00

Kubescape is an open-source tool for testing if Kubernetes is deployed securely, as defined in the recently released Kubernetes Hardening Guidance by NSA and CISA. About Kubernetes. "Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network's underlying infrastructure for computational power for purposes such as cryptocurrency mining," the NSA noted when it released the aforementioned guide.

Spectro Cloud open source project makes bare metal Kubernetes accessible
2021-08-17 12:36

The new contribution to the open source Kubernetes ecosystem addresses the need for organizations to easily deploy, run and manage Kubernetes clusters directly on top of bare metal servers, increasing performance and minimizing cost and operational effort."Running Kubernetes directly on bare metal servers is the next big thing for the Kubernetes community, but it has been challenging and difficult to implement," said Tenry Fu, CEO, Spectro Cloud.

Tigera addresses growing demand for security of containers, Kubernetes, and microservices
2021-08-12 23:45

Tigera launched a worldwide partner program to meet demand from the growing adoption of containers, Kubernetes, and microservices, which has created security and observability challenges for enterprises. The partner program opens doors for technology, services, and solution providers to build stronger relationships with their customers, expand their portfolios, and boost margins by building their expertise and ability to offer security and observability solutions for containers, Kubernetes, and microservices deployments.

How to harden Kubernetes systems and minimize risk
2021-08-09 04:30

The National Security Agency and the Cybersecurity and Infrastructure Security Agency released a report which details threats to Kubernetes environments and provides configuration guidance to minimize risk. Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers.

New CISA and NSA Guidance Details Steps to Harden Kubernetes Systems
2021-08-04 13:56

New guidance from the United States Cybersecurity and Infrastructure Security Agency and the National Security Agency provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments.

NSA and CISA share Kubernetes security recommendations
2021-08-04 05:02

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

Entrust nShield HSMs brings cryptographic services to VMware Tanzu Kubernetes Grid
2021-07-30 01:15

Entrust announced certification of its nShield hardware security modules with VMware Tanzu Kubernetes Grid. Entrust nShield HSMs provide robust cryptographic services, enhancing the security of containerized applications running on VMware Tanzu Kubernetes Grid.

Threat Actors Target Kubernetes Clusters via Argo Workflows
2021-07-23 16:00

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer. An open-source, container-native workflow engine that runs on Kubernetes, Argo Workflows allows users to run parallel jobs at ease from a central interface, reducing deployment complexity and leaving less room for errors.

Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows
2021-07-23 15:27

Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes clusters. Argo Workflows is the most popular workflow execution engine for Kubernetes, designed to orchestrate parallel jobs for speeding up machine learning or data processing computing-intensive jobs on Kubernetes clusters.