HackerTrans
TopNewTrendsCommentsPastAskShowJobs

jkaftzan

no profile record

Submissions

MongoDB CVE CVE-2025-14847 – what K8s users should know?

armosec.io
2 points·by jkaftzan·há 7 meses·1 comments

Three new Nginx ingress controller vulnerabilities and the affect on Kubernetes

armosec.io
5 points·by jkaftzan·há 3 anos·1 comments

Kubernetes Validating Admission Policies: A Practical Example

kubernetes.io
1 points·by jkaftzan·há 3 anos·0 comments

[untitled]

1 points·by jkaftzan·há 3 anos·0 comments

CNCF accepts Kubescape as its first security and compliance scanner project

sdxcentral.com
27 points·by jkaftzan·há 4 anos·16 comments

[untitled]

1 points·by jkaftzan·há 4 anos·0 comments

[untitled]

1 points·by jkaftzan·há 4 anos·0 comments

[untitled]

1 points·by jkaftzan·há 4 anos·0 comments

[untitled]

1 points·by jkaftzan·há 4 anos·0 comments

[untitled]

1 points·by jkaftzan·há 4 anos·0 comments

Kubescape operator is now open source as well

github.com
3 points·by jkaftzan·há 4 anos·1 comments

[untitled]

1 points·by jkaftzan·há 4 anos·0 comments

[untitled]

1 points·by jkaftzan·há 4 anos·0 comments

[untitled]

1 points·by jkaftzan·há 4 anos·0 comments

CVE-2021-44228 – Log4Shell – impact on Kubernetes

armosec.io
1 points·by jkaftzan·há 5 anos·0 comments

Kubernetes v1.23 will be released next week Dec 7th

armosec.io
1 points·by jkaftzan·há 5 anos·0 comments

Ask HN: How do you scan K8s in offline mode (e.g. air-gapped environment)?

2 points·by jkaftzan·há 5 anos·1 comments

Kubernetes ingress-nginx controller vulnerability

armosec.io
51 points·by jkaftzan·há 5 anos·47 comments

Show HN: How to download and run Kubescape [video]

vimeo.com
2 points·by jkaftzan·há 5 anos·1 comments

New and expanded version of Kubescape is released

2 points·by jkaftzan·há 5 anos·0 comments

comments

jkaftzan
·há 7 meses·discuss
A newly disclosed MongoDB vulnerability, tracked as CVE-2025-14847 and informally referred to as MongoBleed, allows unauthenticated remote attackers to leak uninitialized memory from a MongoDB server. A public proof-of-concept exploit is already available, significantly increasing the risk for exposed MongoDB deployments.

This blog explains how the vulnerability works, what is required to exploit it, and how to identify exposure and detect exploitation attempts at runtime.
jkaftzan
·há 3 anos·discuss
CVE-2023-5043, CVE-2023-5044 and CVE-2022-4886 can be exploited by attacker to steal secret credentials from K8s cluster. Three security issues were reported on October 27th by the Kubernetes security community, all of them related to the popular NGINX ingress component.
jkaftzan
·há 4 anos·discuss
Try Kubescape
jkaftzan
·há 4 anos·discuss
Here you go https://github.com/kubescape/kubescape
jkaftzan
·há 4 anos·discuss
Cool! Happy you like it!
jkaftzan
·há 4 anos·discuss
Kubescape, an end-to-end open-source Kubernetes security platform, embarks on a new journey. Kubescape, created by ARMO, will fully migrate to the CNCF. This coincides with the launch of ARMO Platform, a hosted, managed security solution powered by Kubescape.
jkaftzan
·há 4 anos·discuss
CVE-2022-47633: Kyverno’s container image signature verification can be bypassed by a malicious registry or proxy
jkaftzan
·há 4 anos·discuss
All the main K8s vulnerabilities from 2022 consolidated into one article. Put together by Ben Hirschberg, founder of ARMO, the makers of Kubescape.
jkaftzan
·há 4 anos·discuss
Check this new survey on the state of OSS K8s security
jkaftzan
·há 4 anos·discuss
Grafana Labs published a security advisory for a new critical vulnerability in its open-source product. The vulnerability, marked as CVE-2022-39328, enables attackers to bypass authorization on arbitrary service endpoints.
jkaftzan
·há 4 anos·discuss
ARMO have open sourced yet another important component – Kubescape operator. This operator can be installed in-cluster using Helm, and is responsible, for the continuous configurations and image vulnerability scanning, among other nifty capabilities you should check out. From today, users can access the code of all of the Kubescape components, review it, open issues, start discussions, and contribute to it. Kubescape now fully supports the Open API framework through Swagger. This means Kubescape users can now leverage services through openly available APIs everywhere and anywhere. Users can call Kubescape functions using APIs – they can operate, view and consume wherever they are, whenever they need it without leaving their preferred tool, platform or environment. Some of the common functions available: create an account, run a Kubescape scan, get results, export results, and more. It is updated on a daily basis and you will always have the latest APIs available. Kubescape is now an independent open source project (moved out of the ARMO organization), and has been officially donated to the community, to democratize contribution. Kubescape welcomes external maintainers to take a meaningful part in helping to lead and maintain this community-born and maintained project and will abide by the standards of open source governance processes and guidelines (e.g. community governance body, monthly community meetings, regular maintainers meetings, and whatever else the community would like to see.)
jkaftzan
·há 4 anos·discuss
Kubescape, an open source K8s security solution, is celebration one year anniversary. now all the major components of Kubescape are open source
jkaftzan
·há 5 anos·discuss
to check Kubescape: https://github.com/armosec/kubescape
jkaftzan
·há 5 anos·discuss
Do you scan your K8s YAML files for misconfigurations? if not you should...and with Kubescape it's easy and free
jkaftzan
·há 5 anos·discuss
There are so many different Frameworks to use when it comes to Kubernetes security and compliance - CIS, NIST, NSA&CISA, PCI. which one is good for you? and why? in this article i'm trying to cover the main frameworks in the market and compare between them. i'm happy to here your thoughts
jkaftzan
·há 5 anos·discuss
well, this is probably the reason why the adoption rate of K8s is so high? and why so many organizations are using it or going to use it as their "operating system" of cloud native environments?
jkaftzan
·há 5 anos·discuss
A new HIGH severity vulnerability was found in Kubernetes in which users may be able to create a container with subpath volume mounts to access files & directories outside of the volume, including on the host filesystem. The issue is affecting the Kubelet component of Kubernetes. This vulnerability allows attackers to abuse subPath property of the volumeMounts and access the entire host file system without using the hostPath feature originally intended for this capability.
jkaftzan
·há 5 anos·discuss
You have probably heard of Kubernetes role-based access control (RBAC). In this article, Amir Kashaunsky, ARMO VP Product, will walk you through this method so that in the end, you will be able to determine whether RBAC is something you need to worry about, and if so, what you should do about it.
jkaftzan
·há 5 anos·discuss
check this article by -Lachlan Evenson https://medium.com/@LachlanEvenson/kubernetes-hardening-usin...

You can also run Kubescape against Kubernetes manifests which is a great way to stop violations before the resources are deployed to a Kubernetes cluster. The output is identical as scanning a running Kubernetes cluster as seen above
jkaftzan
·há 5 anos·discuss
We are continuing to work on Kubescape and enhance it with more features and capabilities:

Kubescape can now check that YAML files and HELM charts are configured correctly as defined by NSA and CISA guidance.

No cluster is required and you can scan for misconfigurations as early as when devs are submitting the K8s manifest files.

Kubescape supports new output formats like json and junit xml.

You can integrate Kubescape results output to any devops tool like Jenkins, CricleCI, Github workflows.

If you haven’t checked it out yet, what are you waiting for? https://github.com/armosec/kubescape/