AKS on Azure Stack HCI – January 2022 update

This article is contributed. See the original author and article here.

Hello friends,

Welcome to a new year and the first AKS on Azure Stack HCI update in 2022. The January update is now available!


 


As always, you can also evaluate AKS-HCI any time by registering here. If you do not have the hardware handy to evaluate AKS on Azure Stack HCI you can follow our guide for evaluating AKS-HCI inside an Azure VM:  https://aka.ms/aks-hci-evalonazure.


 


Here are some of the changes you’ll see in the January update:


 


Kubernetes 1.22 support


We’re delighted to share that AKS-HCI now supports Kubernetes 1.22. Notable new features in Kubernetes 1.22 include Windows enhancements, a new PodSecurity admission feature, an API server tracing feature, generic data populators, and more.


Please note that Kubernetes release 1.22 comes with a number of deprecated APIs. Please migrate to non-deprecated/stable APIs and test your workloads and environments before upgrading your production environments. To read more about the deprecation of old Kubernetes APIs, click here.


 


Support for AKS on Azure Stack HCI and Windows Server clusters with SDN enabled


With the latest AKS-HCI January release, we support running AKS on Azure Stack HCI and Windows Server clusters with Software Defined Networking (SDN) enabled by using the same external virtual switch. With this support, your AKS-HCI cluster and pods running on a traditional VLAN network will co-exist with SDN VMs running on an SDN logical network or an SDN virtual network.


 


Improved error messages and new PowerShell warnings for Restart-AksHci and Uninstall-AksHci


January includes updated warnings and a confirmation prompt for both Restart-AksHci and Uninstall-AksHci to prevent unexpected data/configuration loss.


 


Documentation for fixing certificates after a break


Many of us shut down our deployments (management and target clusters) for the holidays then came back to find our local deployments in an unmanageable state.  Under the hood, this is because cluster certificates are rotated every 3-4 days for security reasons.


 


We have published a series of guides to help get going again after deferred use or maintenance. That includes a guide for:



  1. Repairing a cluster that has been shut off for more than 4 days

  2. Repairing a cluster that hasn’t been used for more than 60 days

  3. How to recover if the certificate renewal pod enters a crash loop state (rare)


 


Documentation for getting applications up and running in Kubernetes


There are new docs this month to help get a scoped set of applications up and running in AKS on Azure Stack HCI.  Check out our docs for:



While not a specific application – we also have a new doc on setting up an ingress controller, which is important for all web apps.


 


Once you have downloaded and installed the AKS on Azure Stack HCI January 2022 Update – you can report any issues you encounter and track future feature work on our GitHub Project at https://github.com/Azure/aks-hci. And, if you do not have the hardware handy to evaluate AKS on Azure Stack HCI you can follow our guide for evaluating AKS-HCI inside an Azure VM:  https://aka.ms/aks-hci-evalonazure.


 


I look forward to hearing from you all!


 


Cheers,


Sarah

CISA Adds Eight Known Exploited Vulnerabilities to Catalog


CISA has added eight new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.

| CVE Number | CVE Title | Required Action Due Date |
|---|---|---|
| CVE-2022-22587 | Apple IOMobileFrameBuffer Memory Corruption Vulnerability | 2/11/2022 |
| CVE-2021-20038 | SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | 2/11/2022 |
| CVE-2014-7169 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2014-6271 | GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | 7/28/2022 |
| CVE-2020-0787 | Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | 7/28/2022 |
| CVE-2014-1776 | Microsoft Internet Explorer Use-After-Free Vulnerability | 7/28/2022 |
| CVE-2020-5722 | Grandstream Networks UCM6200 Series SQL Injection Vulnerability | 7/28/2022 |
| CVE-2017-5689 | Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | 7/28/2022 |

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.

What to know about Hubble’s $3.5 million settlement with the FTC


This article was originally posted by the FTC. See the original article here.

Anyone who sells you contact lenses without first getting a copy of your prescription or properly verifying your prescription information with your prescriber is selling them illegally — and putting your eye health at risk. That’s because wearing contacts that haven’t been fitted to your eyes can cause corneal scratches, eye sores and irritation, and conjunctivitis (pink eye).

The FTC just filed a complaint against Vision Path, doing business as Hubble, alleging that the company failed to get or properly verify contact lens prescription information submitted by customers, sold lenses after prescription verification requests were denied, altered prescriptions from the prescribed brands to Hubble lenses, and failed to maintain required records.

The complaint also alleges that Hubble deceptively claimed it would ensure customers got lenses with valid and accurate prescriptions, as determined by their eye care provider; falsely claimed that certain consumer reviews were independent when they were not; and failed to disclose material connections between Hubble and some reviewers.

The next time you’re shopping for contact lenses, remember that under the Contact Lens Rule:

  • Sellers must have a process for verifying prescriptions. This includes letting you submit a copy of your contact lens prescription. If you don’t submit your prescription, but instead give your prescription information, the seller must verify your prescription information with your prescriber.
  • Sellers must not substitute another brand of contact lens for the one prescribed. If you want a different brand than the one written on your prescription, you’ll need your eye care provider’s approval. The only time you don’t need your provider’s approval to switch brands is if a manufacturer offers a brand name and a generic or store brand version of the same lens.

If you come across someone selling contact lenses without getting or properly verifying a prescription, take your business elsewhere and report it to the FTC at ReportFraud.ftc.gov.

For a more in-depth look at your prescription rights for contacts — and glasses — read Buying Prescription Glasses or Contact Lenses: Your Rights. Your eyes will thank you.
