Security: Microsoft Canonical, Kubernetes, and More
-
Strengthen your cloud cyber security with Ubuntu Pro and confidential VMs [Ed: Canonical is promoting Microsoft surveillance with back doors under the pretence of "confidentiality". Canonical works for Microsoft, not for Ubuntu community/users.]
In today’s digital landscape, organisations of all sizes have expanded their presence in the cloud. But with this expansion comes a significant increase in the attack surface, making security a top concern. In this blog, we will dive into the exciting world of cloud cyber security, and explore a stronger approach to securing your workloads with the help of Ubuntu.
-
Verifying Container Image Signatures Within CRI Runtimes | Kubernetes
The Kubernetes community has been signing their container image-based artifacts since release v1.24. While the graduation of the corresponding enhancement from alpha to beta in v1.26 introduced signatures for the binary artifacts, other projects followed the approach by providing image signatures for their releases, too. This means that they either create the signatures within their own CI/CD pipelines, for example by using GitHub actions, or rely on the Kubernetes image promotion process to automatically sign the images by proposing pull requests to the k/k8s.io repository. A requirement for using this process is that the project is part of the kubernetes or kubernetes-sigs GitHub organization, so that they can utilize the community infrastructure for pushing images into staging buckets.
Assuming that a project now produces signed container image artifacts, how can one actually verify the signatures? It is possible to do it manually, as outlined in the official Kubernetes documentation. The problem with this approach is that it involves no automation at all and should only be done for testing purposes. In production environments, tools like the sigstore policy-controller can help with the automation. These tools provide a higher-level API by using Custom Resource Definitions (CRD) as well as an integrated admission controller and webhook to verify the signatures.
The general usage flow for an admission-controller-based verification is: [...]
-
Threat researcher pours cold water on claims about 'Wagner' ransomware
Callow told iTWire: "Creating the ransomware would’ve been a quick and easy job, but we don’t know who did it or why or whether it’s ever actually been deployed.
"My guess is that was created for the sole purpose of being uploaded to VirusTotal so it would be discovered by researchers and written about. You can draw your own conclusions as to what the motivation may have been."
Another security researcher who differed with Cyble, but not to the extent that Callow did, was Allan Liska, who works with the CIA-backed firm Recorded Future. PCMag quoted him as tweeting: “Installing a ransomware/wiper on someone's machine is a poor way to recruit them.
-
‘Anatsa’ malware targets banking users in US, UK and Central Europe
A mobile malware campaign targeting banking apps has been observed targeting users in the U.S., the U.K. and Central Europe. Dubbed "Anatsa" by researchers at ThreatFabric B.V., the banking Trojan is distributed through malicious apps in the Google Play Store and is estimated to have had over 30,000 installations since March.