A recent attack campaign targeted publicly accessible Docker, Hadoop, Confluence, and Redis deployments. The attackers exploited misconfigurations and known vulnerabilities to implant cryptominers on compromised systems. As Linux admins, infosec prof...
Containers have become increasingly popular in recent years, they can be spun up quickly and offer developers the opportunity to deliver projects faster as well as gains in agility, portability and improved lifecycle management.
The Enable Sysadmin community continues to answer key questions about OpenShift and Kubernetes.
Another year has gone by, and what a year it's been! We've had tons of news in the Kubernetes and OpenShift world, and an increasing number of companies are adopting this technology, which is dominating the container-orchestration market.
Last year, I wrote an article about 2021's OpenShift and Kubernetes highlights, and guess what: This is the list for the year 2022! Once again, the Enable Sysadmin community did not fail to contribute their diverse and expert knowledge.
Have fun with this selection of Enable Sysadmin's top articles of 2022 about Kubernetes and OpenShift Container Platform (OCP).
AWS has patched a vulnerability in its Elastic Container Registry (ECR) that was uncovered by Lightspin researcher Gafnit Amiga during an examination of AWS’s ECR APIs.
In the cloud-native space, where applications are purpose built and delivered to run in the cloud, one technology in particular rises above all others — Kubernetes.
Docker is a technology for containerization, while Kubernetes is a tool for orchestrating container deployments. In the subsequent subsections, we will discuss a variety of open-source tools that really are useful for securing Kubernetes clusters.
Container security is a fairly new technology, especially when viewed in the context of the speed of light technology changes in the fourth industrial revolution (4IR). Container technology itself is a topic that many security practitioners continue to find confusing, but its use is spreading fast, writes Craig De Lucchi, account director of CA Southern Africa.
Red Hat announced an expansion of its open solutions publicly available in AWS Marketplace, a digital catalogue with thousands of software listings from independent software vendors that are focused on making it easy to find, test, buy and deploy software that runs on Amazon Web Services (AWS).
A new open-source 'S3crets Scanner' scanner allows researchers and red-teamers to search for 'secrets' mistakenly stored in publicly exposed or company's Amazon AWS S3 storage buckets.
When we depend on an open commons as our computing foundation, we need it to be secure, and the most effective way to do that is through open solutions.
Linux operating systems power more than 90% of the world’s public cloud workload, from government web servers to smart manufacturing technologies. But as organizations continue to shift operations to the cloud, cybercriminals are following suit and directing their attention to Linux-based cyberattacks.
Ransomware in particular poses a major threat, but security vendors say there has been an increase in Linux-targeted cryptojacking, malware, and vulnerability exploits as well, and defenders need to be ready.
Containers are considered to be a standard way of deploying these microservices to the cloud. Containers are better than virtual machines in almost all ways except security, which may be the main barrier to their widespread adoption.
Security leaders are still dealing with the impact of Log4Shell, and cloud security leaders are changing the way they secure cloud workloads in the aftermath of Log4Shell. New Valtix research reveals that 95% of cybersecurity leaders say Log4Shell was a wake-up call for cloud security, changing it permanently, and that 87% feel less confident about their cloud security now than they did before the incident.
Kubernetes has quickly become a de facto tool within enterprise software development environments, enabling DevOps engineers to scale large numbers of containers. And recent cybersecurity hardening guidelines laid out by the NSA and CISA indicate that adoption of Kubernetes has reached critical mass. But this surge in adoption also can introduce many new vulnerabilities and misconfigurations which, if left unchecked, could put many organizations at risk.
The NSA - the maker of the original secure Linux (SELinux) - has written guidelines on how to secure video conferencing, text chatting, and collaboration tools; and now explains how to harden Kubernetes against attackers.
Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.