CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and pods, then they may be able to intercept traffic from other pods or nodes in the cluster. An attacker that is able to create a ClusterIP service and set the spec.externalIPs field can intercept traffic to that IP. In addition, an attacker that can patch the status of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

With the holidays upon us around the world, some folks here at Sysdig decided to take a technological approach to holiday cooking. How, you ask? By adding a little PromQL to the mix. A home kitchen during the holidays can be a very frenetic place. There are often many, many dishes being prepared at the same time and cooked in sequence. Some are short and easy, others can take several hours. It’s inevitable that a dish will get missed, or a step forgotten.

Welcome to another monthly update on what’s new from Sysdig. Our team continues to work hard to bring great new features to all of our customers, automatically and for free!

In this article, we will explain how to monitor an Oracle Database with Prometheus using an exporter to generate metrics. Also, we will review the main metrics that you should monitor on resource usage and performance, and what to alert on to detect issues and incidents in your Oracle Database.

Intezer and Microsoft reported on Sept. 9 that TeamTNT hackers are deploying Weave Scope in compromised systems as an auxiliary tool in their intrusions. Weave Scope is a legitimate and powerful tool to manage server infrastructure that, once deployed, makes it easy to control all resources. In this article, we will describe how this tool can be used maliciously, and how to add specific checks in your security set up to look for it.

Organizations are modernizing IT infrastructure, restructuring teams, and accelerating application delivery with containers and Kubernetes. As with any technology, organizations are at various places within their journey. However, according to Gartner, more than 75% of global organizations will be running containerized apps in production by 2022. Chances are your team is using containers for some applications.

Another noteworthy fact of this Kubernetes 1.20 release is that it brings 43 enhancements, up from 34 in 1.19. Of those 43 enhancements, 11 are graduating to Stable, 15 are completely new, and 17 are existing features that keep improving. So many enhancements means that they are smaller in scope. Kubernetes 1.20 is a healthy house cleaning event with a lot of small user-friendly changes.

Today AWS unveiled the Amazon EKS Distro (EKS-D) and Sysdig is excited to deliver support for the new Kubernetes distribution with our Secure DevOps solutions. Wherever you choose to run EKS-D to run container applications, Sysdig can also be used to detect and respond to runtime threats, continuously and validate compliance, as well as monitor and troubleshoot.

Welcome to another monthly update on what’s new from Sysdig. Our team continues to work hard to bring great new features to all of our customers, automatically and for free! Outside of building awesome new features and functions this month, we also had a lot of fun running cards against containers for a cause once again. If you missed it, feel free to catch-up on YouTube!

The Kinsing attack has recently been reported by security researchers, and it is well known for targeting misconfigured cloud native environments. It is also known for its comprehensive attack patterns, as well as defense evasion schemes. A misconfigured host or cluster could be exploited to run any container desired by the attacker. That would cause outages on your service or be used to perform lateral movement to other services, compromising your data.