Updated: Kubernetes Hardening Guide

by | Mar 15, 2022 | Security, Technology

This article is contributed. See the original author and article here.

The National Security Agency (NSA) and CISA have updated their joint Cybersecurity Technical Report (CTR): Kubernetes Hardening Guide, originally released in August 2021, based on valuable feedback and inputs from the cybersecurity community. 

Kubernetes is an open-source system that automates deployment, scaling, and management of applications run in containers. A container is a runtime environment that contains a software package and its dependencies. Kubernetes is often hosted in a cloud environment. The CTR provides recommended configuration and hardening guidance for setting up and securing a Kubernetes cluster.

CISA encourages users and administrators to review the updated Kubernetes Hardening Guide—which includes additional detail and explanations—and apply the hardening measures and mitigations to manage associated risks.

College students: We want to hear from you

College students: We want to hear from you

by | Mar 11, 2022 | Security

This article was originally posted by the FTC. See the original article here.

If you’re a college student, or a student in a vocational or certificate program, there are scams that specifically target you. This National Consumer Protection Week, we’ve been focused on how scams affect every community. We want to let you know about some scams that might affect you, but more importantly, hear from you about what you’re seeing.

Scammers often target students with scams related to jobs and making money. For example:

  • Fake check scams: These scams all involve someone sending you a check, asking you to deposit it, sending some of the money to someone else, and keeping the rest as payment. The scams that target students often involve jobs you could do on the side — so being a mystery shopper, advertising with a car wrap, working as a part-time assistant or dog walker for someone pretending to be your professor. Except, those “jobs” are all fake, and that check they gave you? It’s going to bounce and when it does, and the bank realizes the check was fake, it will want that money back.
  • Cryptocurrency investment scams: As we wrote about last May, people in their 20s and 30s have lost a lot of money to investment scams, and many of those losses have been in cryptocurrency. These scams can involve fake investment sites, using celebrities and false promises that you can multiply your money, or using online dating sites to sweet-talk you into fake crypto investments.

Students: What else are you seeing? Tell the FTC your story at ReportFraud.ftc.gov, or in Spanish at ReporteFraude.ftc.gov.

Every report helps us in our mission to protect every community from scammers. When you report to us, it gets shared with over 3,000 law enforcers — and it helps the FTC spread the word so others can avoid scams.

Join the NCPW conversation on social media: #NCPW2022 and see what’s up at ftc.gov/ncpw.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Dirty Pipe Privilege Escalation Vulnerability in Linux

by | Mar 10, 2022 | Security, Technology

This article is contributed. See the original author and article here.

CISA is aware of a privilege escalation vulnerability in Linux kernel versions 5.8 and later known as “Dirty Pipe” (CVE-2022-0847). A local attacker could exploit this vulnerability to take control of an affected system.

CISA encourages users and administrators to review (CVE-2022-0847) and update to Linux kernel versions 5.16.11, 5.15.25, and 5.10.102 or later.