Security News

Tigera launched a worldwide partner program to meet demand from the growing adoption of containers, Kubernetes, and microservices, which has created security and observability challenges for enterprises. The partner program opens doors for technology, services, and solution providers to build stronger relationships with their customers, expand their portfolios, and boost margins by building their expertise and ability to offer security and observability solutions for containers, Kubernetes, and microservices deployments.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency released a report which details threats to Kubernetes environments and provides configuration guidance to minimize risk. Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers.

New guidance from the United States Cybersecurity and Infrastructure Security Agency and the National Security Agency provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

Entrust announced certification of its nShield hardware security modules with VMware Tanzu Kubernetes Grid. Entrust nShield HSMs provide robust cryptographic services, enhancing the security of containerized applications running on VMware Tanzu Kubernetes Grid.

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer. An open-source, container-native workflow engine that runs on Kubernetes, Argo Workflows allows users to run parallel jobs at ease from a central interface, reducing deployment complexity and leaving less room for errors.

Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes clusters. Argo Workflows is the most popular workflow execution engine for Kubernetes, designed to orchestrate parallel jobs for speeding up machine learning or data processing computing-intensive jobs on Kubernetes clusters.

Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes - to speed up processing time for compute-intensive jobs like machine learning and big-data processing.

Platform9 Managed KubeVirt is the managed KubeVirt solution to offer a unified platform to run virtual machines alongside containers. "Traditional virtualization solutions are expensive and managing a virtualization stack in addition to Kubernetes is complex and error-prone," said Madhura Maskasky, VP of Product at Platform9.

D2iQ announced the availability of the D2iQ Kubernetes Platform, including D2iQ Kommander, D2iQ Konvoy, and D2iQ Kaptain, in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. The D2iQ Kubernetes Platform provides customers with the technology, services, and support they need to be successful with Kubernetes in production.