HackDig : Dig high-quality web security articles for hackers

Zoom into Kinsing

The Kinsing attack has recently been reported by security researchers, and it is well known for targeting misconfigured cloud native environments. It is also known for its comprehensive attack patterns, as well as defense evasion schemes. A misconfigured host or cluster could be exploited to run any container desired by the attacker. That would cause outa
Publish At:2020-11-23 15:37 | Read:146 | Comments:0 | Tags:Falco Sysdig Secure Kinsing Kubernetes

Container security on IBM Cloud

If you’re running containers and Kubernetes on IBM Cloud, you can now enable the key security workflows of Sysdig Secure as a service within your IBM Cloud deployments. This makes it easier for you to implement security tools and policies to ensure your containers and your Kubernetes environment are protected and running as intended. The new container and
Publish At:2020-11-17 11:25 | Read:170 | Comments:0 | Tags:IBM Cloud Kubernetes Sysdig Secure Image scanning runtime se

Kubernetes network segmentation using native controls

Network segmentation is almost as old as computer networking. The evolution of network segmentation went through switches to routers and firewalls, and as modern networks evolved, the ability to better control traffic by operating system native functionality evolved as well. Native controls like IP Tables became lingua franca, alongside access control lists,
Publish At:2020-11-17 11:25 | Read:141 | Comments:0 | Tags:Kubernetes Sysdig Secure Network policies Network segmentati

How to monitor Kubernetes control plane

The control plane is the brain and heart of Kubernetes. All of its components are key to the proper working and efficiency of the cluster. Monitoring the Kubernetes control plane is just as important as monitoring the status of the nodes or the applications running inside. It may be even more important, because an issue with the control plane will affect all of the
Publish At:2020-11-10 15:36 | Read:63 | Comments:0 | Tags:Kubernetes Prometheus Sysdig Monitor control plane Monitorin

How to monitor coreDNS

The most common problems and outages in a Kubernetes cluster come from coreDNS, so learning how to monitor coreDNS is crucial. Imagine that your frontend application suddenly goes down. After some time investigating, you discover it’s not resolving the backend endpoint because the DNS keeps returning 500 error codes. The sooner you can get to this conclus
Publish At:2020-11-03 15:54 | Read:118 | Comments:0 | Tags:Kubernetes Prometheus Sysdig Monitor control plane coreDNS P

5 Components of the Kubernetes Control Plane that Demand Special Attention in Your Security Strategy

Organizations and security incidents in Kubernetes environments, these are 5 key components of the control plane that demand special attention. Organizations are no strangers to security incidents in their Kubernetes environments. In its State of Container and Kubernetes Security Fall 2020 survey, StackRox found that 90% of respondents had suffered a secur
Publish At:2020-10-30 15:05 | Read:183 | Comments:0 | Tags:Breaking News Security Hacking hacking news information secu

SOC 2 compliance for containers and Kubernetes security

This article contains useful tips to implement SOC 2 compliance for containers and Kubernetes. The Service Organization Controls (SOC) reports are the primary way that service organizations provide evidence of how effective their controls are for finance (SOC 1) or securing customer data (SOC 2, SOC 3). These reports are issued by the American Institu
Publish At:2020-10-27 12:18 | Read:159 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure compliance falco Image scanni

Understanding and mitigating CVE-2020-8566: Ceph cluster admin credentials leaks in kube-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8566) in Kubernetes that may cause sensitive data leakage. You would be affected by CVE-2020-8566 if you created a Kubernetes cluster using ceph cluster as storage class, with logging level set to four or above in kube-controller-manager. In that case, your ceph user c
Publish At:2020-10-26 20:42 | Read:327 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure control plane falco

NIST 800-53 compliance for containers and Kubernetes

In this blog, we will cover the various requirements you need to meet to achieve NIST 800-53 compliance, as well as how Sysdig Secure can help you continuously validate NIST 800-53 requirements for containers and Kubernetes. What is NIST 800-53 compliance? The National Institute of Standards and Technology (NIST) is a non-regulatory government agency
Publish At:2020-10-20 12:36 | Read:109 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure CloudTrail compliance falco N

Understanding and mitigating CVE-2020-8563: vSphere credentials leak in the cloud-controller-manager log

While auditing the Kubernetes source code, I recently discovered an issue (CVE-2020-8563) in Kubernetes that may cause sensitive data leakage. When creating a k8s cluster over vSphere, and enabling vSphere as a cloud provider with logging level set to 4 or above, the vSphere user credentials will be included in the cloud-controller-manager’s log
Publish At:2020-10-16 11:06 | Read:286 | Comments:0 | Tags:Falco Kubernetes Sysdig Secure cve falco VSphere Cloud

How to monitor kube-proxy

In this article, you will learn how to monitor kube-proxy to ensure the correct health of your cluster network. Kube-proxy is one of the main components of the Kubernetes control plane, the brains of your cluster. One of the advantages of Kubernetes is that you don’t worry about your networking or how pods physically interconnect with one another. K
Publish At:2020-10-15 11:42 | Read:216 | Comments:0 | Tags:Kubernetes Prometheus Sysdig Monitor control plane Monitorin

How to monitor Istio, the Kubernetes service mesh

In this article, we are going to deploy and monitor Istio over a Kubernetes cluster. Istio is a service mesh platform that offers advanced routing, balancing, security, and high availability features, plus Prometheus-style metrics for your services out-of-the-box. What is Istio? Istio is a platform used to interconnect microservices. It provides advance
Publish At:2020-09-30 11:35 | Read:210 | Comments:0 | Tags:AWS DCOS Docker Google Cloud IBM Cloud Kubernetes OpenShift

Detecting and Mitigating Potential Container Escapes via CVE-2020-14386

On September 14, CVE-2020-14386 was reported as a “high” severity threat. This CVE is a kernel security vulnerability that enables an unprivileged local process to gain root access to the system. CVE-2020-14386 is a result of a bug found in the packet socket facility in the Linux kernel. It allows a bad actor to trigger a memory corruption that can be
Publish At:2020-09-16 20:49 | Read:406 | Comments:0 | Tags:Falco Google Cloud Kubernetes Sysdig Sysdig Secure Uncategor

Manage AppArmor profiles in Kubernetes with kube-apparmor-manager

Discover how Kube-apparmor-manager can help you manage AppArmor profiles on Kubernetes to reduce the attack surface of your cluster. AppArmor is a Linux kernel security module that supplements the standard Linux user and group-based permissions to confine programs to a limited set of resources. AppArmor can be configured for any application to reduce
Publish At:2020-09-16 13:00 | Read:318 | Comments:0 | Tags:Kubernetes AppArmor Sysdig Monitor

Seven Kubernetes monitoring best practices every monitoring solution should enable

Look out for these Kubernetes monitoring best practices when evaluating a Kubernetes monitoring solution. It will be easier to make sense of them if your tools are Kubernetes native. Let’s face it. Running containers in Kubernetes brings a number of advantages in terms of automation, segmentation, and efficiency. However, the ability to monitor performanc
Publish At:2020-09-10 13:50 | Read:318 | Comments:0 | Tags:Kubernetes Sysdig Monitor Monitoring