-
Critical Kubernetes Image Builder flaw gives SSH root access to VMs
A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project.
- October 16, 2024
- 12:58 PM
2
-
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks
In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities.
- April 17, 2024
- 05:01 PM
0
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Kubernetes RBAC abused to create persistent cluster backdoors
Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining.
- April 21, 2023
- 11:35 AM
- 0
-
First-known Dero cryptojacking operation seen targeting Kubernetes
The first known cryptojacking operation mining the Dero coin has been found targeting vulnerable Kubernetes container orchestrator infrastructure with exposed APIs.
- March 15, 2023
- 06:00 AM
- 0
-
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL
The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers.
- January 09, 2023
- 04:16 PM
- 2
-
Over 900,000 Kubernetes instances found exposed online
Over 900,000 misconfigured Kubernetes clusters were found exposed on the internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks.
- June 28, 2022
- 06:39 AM
- 4
-
Google almost doubles Linux Kernel, Kubernetes zero-day rewards
Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques.
- February 15, 2022
- 03:38 PM
- 0
-
Argo CD vulnerability leaks sensitive info from Kubernetes apps
A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys.
- February 04, 2022
- 10:43 AM
- 0
-
Linux kernel bug can let hackers escape Kubernetes containers
A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape Kubernetes containers, giving access to resources on the host system.
- January 25, 2022
- 11:56 AM
- 0
-
This Kubernetes training is your ticket to a job in cloud computing
The Ultimate Kubernetes & Cloud Certification Training Bundle provides the ideal introduction, with 12 courses helping you to learn practical skills and prepare for exams. You can get it today for only $39.99.
- September 24, 2021
- 07:22 AM
- 0
-
Microsoft fixes bug letting hackers take over Azure containers
Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.
- September 09, 2021
- 11:08 AM
- 0
-
Become a certified Kubernetes and cloud expert with 12 courses for $40
The Ultimate Kubernetes & Cloud Certification Training Bundle helps you break into this lucrative niche, with 12 courses working towards top exams. You can get the training today for only $29.99.
- August 17, 2021
- 08:26 AM
- 0
-
NSA and CISA share Kubernetes security recommendations
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system.
- August 04, 2021
- 01:02 AM
- 0
-
Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows
Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes (K8s) clusters.
- July 23, 2021
- 11:27 AM
- 0
-
NSA: Russian GRU hackers use Kubernetes to run brute force attacks
The National Security Agency (NSA) warns that Russian nation-state hackers are conducting brute force attacks to access US networks and steal email and files.
- July 01, 2021
- 11:00 AM
- 1
-
Microsoft warns of cryptomining attacks on Kubernetes clusters
Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning (ML) instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency.
- June 09, 2021
- 01:05 PM
- 0
-
New Kubernetes malware backdoors clusters via Windows containers
New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities.
- June 07, 2021
- 06:51 AM
- 0
-
All Kubernetes versions affected by unpatched MiTM vulnerability
The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks.
- December 08, 2020
- 09:20 AM
- 0
-
Hackers use legit tool to take over Docker, Kubernetes platforms
In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it.
- September 08, 2020
- 02:20 PM
- 0
-
Cryptojacking worm steals AWS credentials from Docker systems
A cybercrime group known as TeamTNT is using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.
- August 18, 2020
- 11:39 AM
- 0
- 1
- 2
