Tag: kubernetes
-
DEF CON 32 Kubernetes Attack Simulation: The Definitive Guide
Author/Presenter: Leo Tsaousis Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/def-con-32-kubernetes-attack-simulation-the-definitive-guide/
-
What is SIEM? Improving security posture through event log data
Tags: access, ai, api, automation, ciso, cloud, compliance, data, defense, detection, edr, endpoint, firewall, fortinet, gartner, google, guide, ibm, infrastructure, intelligence, kubernetes, LLM, microsoft, mitigation, mobile, monitoring, network, openai, regulation, risk, router, security-incident, service, siem, soar, soc, software, threat, toolAt its core, a SIEM is designed to parse and analyze various log files, including firewalls, servers, routers and so forth. This means that SIEMs can become the central “nerve center” of a security operations center, driving other monitoring functions to resolve the various daily alerts.Added to this data are various threat intelligence feeds that…
-
Critical Vulnerability in Crowdstrike Falcon Sensor for Linux Enables TLS MiTM Exploits
CrowdStrike has disclosed a critical vulnerability (CVE-2025-1146) in its Falcon Sensor for Linux, its Falcon Kubernetes Admission Controller, and its Falcon Container Sensor. This flaw stems from a validation logic error in the handling of TLS (Transport Layer Security) connections, potentially exposing affected systems to man-in-the-middle (MiTM) attacks. The vulnerability underscores the importance of prompt…
-
Why we need a unified approach to Kubernetes environments
Tags: kubernetesFirst seen on scworld.com Jump to article: www.scworld.com/perspective/why-we-need-a-unified-approach-to-kubernetes-environments
-
Horizon3 launches NodeZero Kubernetes pentesting
First seen on scworld.com Jump to article: www.scworld.com/brief/horizon3-launches-nodezero-kubernetes-pentesting
-
Key trends for Kubernetes security in 2024
Tags: kubernetesFirst seen on scworld.com Jump to article: www.scworld.com/brief/key-trends-for-kubernetes-security-in-2024
-
Misconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to Exploitation
Cybersecurity researchers have uncovered three security weaknesses in Microsoft’s Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment.”Exploiting these flaws could allow attackers to gain persistent access as shadow administrators First seen on thehackernews.com…
-
Impart is now available in the AWS Marketplace – Impart Security
Tags: api, attack, data, detection, fraud, infrastructure, injection, kubernetes, marketplace, metric, monitoring, risk, service, strategy, threat, tool, update, wafToday, we are thrilled to announce that Impart is now available in the AWS Marketplace. More Streamlined Contracting AWS customers with existing spend commitments can apply their Impart purchase toward their AWS commitment. This availability simplifies the buying process with streamlined contractual and legal terms, enabling faster procurement. Product Benefits AWS customers can now more easily purchase…
-
Cybersecurity Snapshot: CISA Hands Down Cloud Security Directive, While Threat from North Korean IT Workers Gets the Spotlight
Tags: access, ai, authentication, best-practice, business, china, cisa, cisco, cloud, computer, control, cyber, cybersecurity, data, data-breach, email, extortion, finance, framework, fraud, google, government, guide, hacker, identity, incident, incident response, infrastructure, intelligence, international, Internet, jobs, korea, kubernetes, law, lessons-learned, linux, login, malicious, microsoft, mobile, monitoring, network, north-korea, office, password, regulation, risk, risk-management, russia, service, software, tactics, technology, threat, tool, updateCheck out the new cloud security requirements for federal agencies. Plus, beware of North Korean government operatives posing as remote IT pros. Also, learn how water plants can protect their HMIs against cyberattacks. And get the latest on the U.S. cyber incident response framework; the CIS Benchmarks; and local and state governments’ cyber challenges. Dive…
-
EDR-Software ein Kaufratgeber
Tags: ai, android, api, backup, browser, chrome, cloud, computing, crowdstrike, cyberattack, detection, edr, endpoint, firewall, identity, incident response, intelligence, iot, kubernetes, linux, macOS, mail, malware, microsoft, network, ransomware, risk, siem, soar, software, sophos, threat, tool, windows, zero-day -
Kubernetes 1.32 A Security Perspective
Kubernetes continues to evolve its security posture with version 1.32, introducing several significant improvements in authentication, authorization, and First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/kubernetes-1-32-a-security-perspective/
-
Five ways to tighten up Kubernetes security
Tags: kubernetesFirst seen on scworld.com Jump to article: www.scworld.com/perspective/five-ways-to-tighten-up-kubernetes-security
-
Kubernetes-Storage: Portworx by Pure Storage benennt wichtige Trends
Mit Portworx können Unternehmen ihren Entwicklern ein Self-Service-Erlebnis bieten, während sie gleichzeitig die Verschwendung von GPU-Ressourcen verm… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/kubernetes-storage-portworx-by-pure-storage-benennt-wichtige-trends/a36885/
-
Veeam verbessert die Kubernetes-native Datensicherung mit Kasten V7.0
Mit seinem Schwerpunkt auf Cyber-Resilienz und der Erfüllung von Unternehmensanforderungen stellt Veeam Kasten V7.0 strenge, standardkonforme Sicherhe… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/veeam-verbessert-die-kubernetes-native-datensicherung-mit-kasten-v7-0/a37291/
-
Dynatrace präsentiert Observability-gesteuertes Kubernetes Security Posture Management
Die neue KSPM-Lösung von Dynatrace ermöglicht es Teams zusammen mit den bestehenden RVA- und RAP-Funktionen der Plattform, Risiken in ihren Kubernetes… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/dynatrace-praesentiert-observability-gesteuertes-kubernetes-security-posture-management/a37417/
-
Portworx by Pure Storage erläutert Best Practices für Kubernetes-Storage
Kubernetes ist extrem leistungsfähig bei der Orchestrierung und Verwaltung von Tausenden von containerisierten Anwendungen. Die Speicherung in Kuberne… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/portworx-by-pure-storage-erlaeutert-best-practices-fuer-kubernetes-storage/a38172/
-
Keep Hackers Out of Your Kubernetes Cluster with These 5 Simple Tricks!
First seen on tldrsec.com Jump to article: tldrsec.com/p/kubernetes-security-threat-informed-defense
-
Zero Trust Access to Kubernetes
Overthe past few years, Kudelski Security’s engineering team has prioritized migrating our infrastructure to multi-cloud environments. Our internal cl… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2021/12/14/zero-trust-access-to-kubernetes/
-
Kubernetes Image Builder Vulnerabilities
Summary Recently released were two vulnerabilities, CVE-2024-9486 (CVSS 9.8) and CVE-2024-9594 (CVSS 6.3), that impact the Kubernetes Image Builder. T… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2024/10/17/kubernetes-image-builder-vulnerabilities/