Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Kubernetes Ingress is one of today’s most important Kubernetes resources. First introduced in 2015, it achieved GA status in 2020. Its goal is to simplify and secure the routing mechanism of incoming traffic to your defined services. Ingress allows you to expose HTTP and HTTPS from outside the cluster to your services within the cluster by leveraging traffic routing rules you define while creating the Ingress.

In March 2022, NSA & CISA has issued a new version of the Kubernetes Hardening Guide – version 1.1. It updates the previous version that was released in August 2021. Kubernetes evolves fast, and Kubernetes adoption grows even quicker. Kubernetes has become a very popular target and therefore requires continuous enhancement of the protection measures.

Container escape is a security risk in which malicious players can leverage a containerized application’s vulnerabilities to breach its isolation boundary, gaining access to the host system’s resources. Once an attacker accesses the host system, they can escalate their privilege to access other containers running in the machine or run harmful code on the host. Depending on how vulnerable the host is, the actor could also access other hosts in the network.

A new vulnerability CVE-2022-0811, alias cr8escape, with CVSS 8.8 (HIGH) has been found in the CRI-O container engine by Crowdstrike. This vulnerability can lead to arbitrary code execution. The container engines affected are: Any containerized infrastructure that relies on these vulnerable container engines is affected as well, including Kubernetes and OpenShift (version 4.6 to 4.10).

Last month, we announced the launch of our active cloud-native application runtime security. Calico Cloud’s active runtime security helps security teams secure their containerized workloads with a holistic approach to threat detection, prevention, and mitigation. As security teams look to secure these workloads, it’s also critical that they employ a defense-in-depth strategy.

Recently, IBM announced the IBM Z and Cloud Modernization Center1 for the acceleration of hybrid cloud and to help IBM Z clients accelerate the modernization of their applications, data, and processes in an open hybrid cloud architecture. By combining IBM Z systems built for transactional integrity, throughput, reliability, and availability with hybrid cloud development, IBM is combining the best of both worlds.

CrowdStrike’s Cloud Threat Research team discovered a zero-day vulnerability (CVE-2022-0811) in CRI-O (a container runtime engine underpinning Kubernetes). Dubbed “cr8escape,” when invoked, an attacker could escape from a Kubernetes container and gain root access to the host and be able to move anywhere in the cluster.

SSH has always been the default mechanism to get remote shell access into a running Unix or Linux operating system from a terminal client to execute commands. While SSH is familiar, Docker provides more lightweight and easier-to-use methods that don’t require running your container with an SSH server. This post will explore two methods to get shell access into a Docker container using OpenSSH and the docker exec command.

While the last two years accelerated digital transformation across a wide range of industries, this has been a long time coming for healthcare. Healthcare has been undergoing a massive shift to improve security, streamline operations, and enhance the patient experience—and much of that shift centers around the movement to the cloud. Cloud-native ostensibly offers a better, more accessible user experience marked by enhanced uptime, reliability, and efficiency.