Cloud Security Weekly News – Week 34

AWS Security

  • AWS Config supports 20 new resource types. Why is it important? You can now monitor the configuration of the newly added resource types, thereby maintaining governance.
  • AWS CyberVadis report now available for due diligence on third-party suppliers

CIS Benchmark

  • A CIS benchmark is available for Bottlerocket, a Linux-based operating system that is purpose-built to run container workloads.

Azure Security

Defender for Cloud

Kubernetes 1.25 (Security Updates)

  • PodSecurityPolicy is completely removed in 1.25. Note that it was deprecated in version 1.21. The recommended alternative is the Pod Security Admission controller. Link for migrating PSP to the Pod Security Admission controller
  • User namespace support in Kubernetes (Alpha). Nice article to understand user namespaces
  • Forensic Container Checkpointing: takes a checkpoint of a running container, which in turn can be used for forensics.
  • Auto-refreshing Official CVE Feed (Alpha): an auto-refreshing CVE feed allows end users to programmatically fetch the list of CVEs and get the latest information from the Kubernetes community (Link).
  • NetworkPolicy port range (Stable): allows a NetworkPolicy to cover a range of ports in a single rule (Link).
  • Enable seccomp by default (Beta): Kubernetes now enables a default seccomp profile for all workloads (Link).
  • Interested in what’s new in K8s 1.25? (Link)


I’m Ara

Welcome to Cloud Security Blog, my corner of the internet dedicated to Cloud and AI Security.
