Security News

New guidance from the United States Cybersecurity and Infrastructure Security Agency and the National Security Agency provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

Entrust announced certification of its nShield hardware security modules with VMware Tanzu Kubernetes Grid. Entrust nShield HSMs provide robust cryptographic services, enhancing the security of containerized applications running on VMware Tanzu Kubernetes Grid.

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer. An open-source, container-native workflow engine that runs on Kubernetes, Argo Workflows allows users to run parallel jobs at ease from a central interface, reducing deployment complexity and leaving less room for errors.

Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes clusters. Argo Workflows is the most popular workflow execution engine for Kubernetes, designed to orchestrate parallel jobs for speeding up machine learning or data processing computing-intensive jobs on Kubernetes clusters.

Kubernetes clusters are being attacked via misconfigured Argo Workflows instances, security researchers are warning. Argo Workflows is an open-source, container-native workflow engine for orchestrating parallel jobs on Kubernetes - to speed up processing time for compute-intensive jobs like machine learning and big-data processing.

Platform9 Managed KubeVirt is the managed KubeVirt solution to offer a unified platform to run virtual machines alongside containers. "Traditional virtualization solutions are expensive and managing a virtualization stack in addition to Kubernetes is complex and error-prone," said Madhura Maskasky, VP of Product at Platform9.

D2iQ announced the availability of the D2iQ Kubernetes Platform, including D2iQ Kommander, D2iQ Konvoy, and D2iQ Kaptain, in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. The D2iQ Kubernetes Platform provides customers with the technology, services, and support they need to be successful with Kubernetes in production.

The National Security Agency warns that Russian nation-state hackers are conducting brute force attacks to access US networks and steal email and files. In a new advisory released today, the NSA states that the Russian GRU's 85th Main Special Service Center, military unit 26165, has been using a Kubernetes cluster since 2019 to perform password spray attacks on US and foreign organizations, including the US government and Department of Defense agencies.

Zettaset announced that XCrypt Kubernetes Encryption is available on the VMware Marketplace. VMware Marketplace enables customers to discover and deploy compatible, validated third-party solutions to VMware environments.