Security News

The number one challenge around running Kubernetes in production, as named by survey participants: deployment of data-intensive transactional workloads. Kubernetes adoption challenge Many organizations use Kubernetes now, but how they use it diverges sharply.

Kubescape is an open-source tool for testing if Kubernetes is deployed securely, as defined in the recently released Kubernetes Hardening Guidance by NSA and CISA. About Kubernetes. "Kubernetes is commonly targeted for three reasons: data theft, computational power theft, or denial of service. Data theft is traditionally the primary motivation; however, cyber actors may attempt to use Kubernetes to harness a network's underlying infrastructure for computational power for purposes such as cryptocurrency mining," the NSA noted when it released the aforementioned guide.

The new contribution to the open source Kubernetes ecosystem addresses the need for organizations to easily deploy, run and manage Kubernetes clusters directly on top of bare metal servers, increasing performance and minimizing cost and operational effort."Running Kubernetes directly on bare metal servers is the next big thing for the Kubernetes community, but it has been challenging and difficult to implement," said Tenry Fu, CEO, Spectro Cloud.

Tigera launched a worldwide partner program to meet demand from the growing adoption of containers, Kubernetes, and microservices, which has created security and observability challenges for enterprises. The partner program opens doors for technology, services, and solution providers to build stronger relationships with their customers, expand their portfolios, and boost margins by building their expertise and ability to offer security and observability solutions for containers, Kubernetes, and microservices deployments.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency released a report which details threats to Kubernetes environments and provides configuration guidance to minimize risk. Kubernetes is an open source system that automates the deployment, scaling, and management of applications run in containers.

New guidance from the United States Cybersecurity and Infrastructure Security Agency and the National Security Agency provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments. An open source container orchestration system for deploying and managing applications in containers, Kubernetes is often deployed in cloud environments.

The National Security Agency and the Cybersecurity and Infrastructure Security Agency have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system. To help companies make their Kubernetes environment more difficult to compromise, the NSA and CISA released a 52-page cybersecurity technical report that offers guidance for admins to manage Kubernetes securely.

Entrust announced certification of its nShield hardware security modules with VMware Tanzu Kubernetes Grid. Entrust nShield HSMs provide robust cryptographic services, enhancing the security of containerized applications running on VMware Tanzu Kubernetes Grid.

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer. An open-source, container-native workflow engine that runs on Kubernetes, Argo Workflows allows users to run parallel jobs at ease from a central interface, reducing deployment complexity and leaving less room for errors.

Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes clusters. Argo Workflows is the most popular workflow execution engine for Kubernetes, designed to orchestrate parallel jobs for speeding up machine learning or data processing computing-intensive jobs on Kubernetes clusters.