Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

armo

Kubernetes version 1.25 - everything you should know

Aug 22, 2022 By Amir Kaushansky In ARMO
Kubernetes' new version - version 1.25 - will be released on Tuesday 23rd August 2022, and it comes with 40 new enhancements in various areas and numerous bug fixes. This blog will focus on the highlighted changes from each special interest group (SIG) in the upcoming release and ensure you are confident before upgrading your clusters.
Read Post
armo

Code repository scanning & Container image registry scanning with Kubescape

Aug 20, 2022 By Jonathan Kaftzan In ARMO
New exciting Kubescape features have recently landed - Code repository scanning & Container image registry scanning! By enhancing Kubescape's security posture capabilities, you will be able to embed security even earlier in the SDLC (Software Development Lifecycle) and in a broader range of places in your CI/CD pipeline.
Read Post
mend

Mining Malware History for Clues on Malicious Package Innovation

Aug 18, 2022 By Daniel Elkabes In Mend

Malware has come a long way since it first made the scene in the late 1990s, with news of viruses infecting random personal computers worldwide. These days, of course, attackers have moved beyond these humble roots. Now they deploy a variety of innovative techniques to extract large amounts of money from businesses around the world. A similar development is taking place with malware’s upstart cousin – the emergence of malicious packages being uploaded to package registries.

Read Post

Why You Need to Ditch Passwords, Private Keys, and All Other Forms of Secrets

Aug 18, 2022 By Teleport In Teleport
Despite the steady drumbeat of news stories on security breaches caused by compromised credentials, 70% of teams still use secrets such as private keys or passwords to grant infrastructure access. In this webinar, we’ll cover why all forms of secrets are bad for you and your business, and why MFA is not good enough. We'll cover how the adoption of Passwordless Authentication and related hardware technologies like TPMs and HSMs fix a slew of problems, including making phishing attacks a thing of the past.
View Video

Signing Kubernetes with Sigstore

Aug 17, 2022 By Snyk In Snyk
Adolfo García Veytia, Staff Software Engineer at ChainGuard and Tech Lead on the Kubernetes SIG-Release team, joins Eric and Kyle to talk about how they were able to tackle signing all of the Kubernetes v1.24 image artifacts using Sigstore. Then we will demonstrate signing an image and vulnerability scan result attestations with Sigstore's cosign utility.
View Video
CloudCasa

Using Longhorn v1.3 CSI Snapshots for Backup and Recovery

Aug 16, 2022 By Sathya Sankaran In CloudCasa

With the release of Longhorn v1.3.0, CloudCasa by Catalogic is happy to announce that it fully supports the backup and recovery of Longhorn persistent volumes (PVs) on Kubernetes clusters. While previous versions of Longhorn supported volume snapshots and the CSI interface, Longhorn v1.3 introduced full support for the CSI snapshot interface so it can now be used to trigger volume snapshots in a cluster.

Read Post

Black Hat 2022: The CVSS Fallacy - can you trust the world's most popular vulnerability metric?

Aug 15, 2022 By JFrog In JFrog
The NVD defines one of the usages of CVSS as “a factor in prioritization of vulnerability remediation” and it is the current de-facto vulnerability metric, often seen as infallible guidance and a crucial element in many compliance processes. In our session we will go over real-world CVE examples, demonstrating cases and entire categories where CVSSv3.1 falls short of providing an accurate assessment, both due to its design and its various mishandlings. The session will also touch upon specific indicators in the CVE description that can raise the confidence in a CVSS score, and vice versa.
View Video

Copyright © 2026 OpsMatters™. All rights reserved.