CVE-2023-5528: Kubernetes Flaw Jeopardizing Windows Node That Can’t Be Ignored

In recent developments, cybersecurity experts have raised alarms over a high-severity vulnerability identified in Kubernetes, marked as CVE-2023-5528. This critical flaw has the potential to allow attackers to execute arbitrary code with system privileges across all Windows endpoints within a cluster. Akamai, a leading global content delivery network, cybersecurity, and cloud service company, has issued […]

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. “The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,” Akamai security researcher Tomer Peled said. “To exploit this […]

How to hack Google Kubernetes Engine (GKE)? Securing against GKE threats

A recent investigation by Unit 42 of Palo Alto Networks has uncovered a dual privilege escalation chain in Google Kubernetes Engine (GKE). This vulnerability, stemming from specific configurations in GKE’s logging agent FluentBit and Anthos Service Mesh (ASM), presents a significant security risk, potentially allowing attackers unauthorized access to Kubernetes clusters. Kubernetes and GKE Overview: […]

Is Your etcd an Open Door for Cyber Attacks? How to Secure Your Kubernetes Clusters & Nodes

Kubernetes has become the de facto orchestration platform for managing containerized applications, but with its widespread adoption, the security of Kubernetes clusters has come under greater scrutiny. Central to Kubernetes’ architecture is etcd, a highly-available key-value store used to persist the cluster’s state and its configuration details. While etcd is essential for the Kubernetes cluster’s […]

How to hack Kubernetes pods and execute malicious code remotely

According to the findings of Akamai’s security experts, a high-severity vulnerability in Kubernetes may be exploited to accomplish remote code execution (RCE) on any Windows endpoints that are part of the cluster. The flaw, identified as CVE-2023-3676 and with a CVSS score of 8.8, affects Kubernetes’ processing of YAML files. These files are used by […]

RBAC Buster – A new K8s attack technique to hack into Kubernetes clusters

The first known proof that attackers are using Kubernetes (K8s) Role-Based Access Control (RBAC) in the field to construct backdoors was found by specialists. DaemonSets were also deployed by the malicious actors in order to seize control of the K8s clusters they attacked and steal their resources. An incorrectly configured API server that permitted unauthenticated […]

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

A large-scale attack campaign discovered in the wild has been exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run cryptocurrency miners. “The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report shared with The Hacker News. The […]

New cryptojacking malware can hack into Kubernetes clusters using this easy trick

Dero is a relatively new cryptocurrency that places a strong emphasis on privacy. It utilizes directed acyclic graph (DAG) technology, which allows it to make the claim that its transactions are completely anonymous. The combination of anonymity and a greater rewards ratio makes it potentially attractive for cryptojacking organizations in comparison to Monero, which is […]

2 Critical vulnerabilities in Argo CD allow complete takeover of your Kubernetes

Argo CD is a Kubernetes-based declarative GitOps continuous delivery platform. It is built as a Kubernetes controller that constantly monitors running apps and compares their current, live state to the intended goal state (as specified in the Git repo). 257 enterprises, including Alibaba Group, BMW Group, Deloitte, Gojek, IBM, Intuit, LexisNexis, Red Hat, Skyscanner, Swisscom, […]

Securing Kubernetes Deployments on AWS – Guide

Kubernetes Deployment on AWS Kubernetes is open-source software for deploying and managing containerized applications at scale. Kubernetes can manage clusters on Amazon EC2 instances, run containers on those instances, and perform deployment, maintenance, and scaling processes. Kubernetes lets you run containerized applications on-premises and in the cloud using the same set of tools. AWS offers […]

Top 8 Free Tools for security testing and audit of your Kubernetes cluster in 2022

Docker is a technology for containerization, while Kubernetes is a tool for orchestrating container deployments. In the subsequent subsections, we will discuss a variety of open-source tools that are useful for securing Kubernetes clusters. These open source tools involve code snippets that will help with static scanning of Docker images, security auditing, hardening Kubernetes […]

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Docker and Kubernetes instances. The intrusions, […]

Critical vulnerability in Flux2, a Kubernetes continuous delivery tool, enables hacking between neighboring deployments

A recently detected vulnerability affecting Flux, a popular continuous delivery (CD) tool for Kubernetes, would reportedly allow tenants to sabotage the activities of “neighbors” who use the same infrastructure outside of their own facilities. Flux is an open and extensible CD solution to keep Kubernetes clusters in sync with configuration sources, and is used by […]

Privilege escalation and path traversal vulnerabilities affect Argo CD, the GitOps continuous delivery tool for Kubernetes

Cybersecurity specialists report the detection of some security flaws in Argo CD, a declarative continuous delivery tool for Kubernetes following the GitOps pattern of using Git repositories as a source to define the desired state of the application. According to the report, successful exploitation of these flaws would allow threat actors to deploy multiple […]

Severe Vulnerability Patched in CRI-O Container Engine for Kubernetes

A report by CrowdStrike reveals that an extreme weakness affecting the CRI-O container engine for Kubernetes could be utilized to break free from the container and gain root entry to the host. CrowdStrike’s threat research team uncovered that lack of proper authentication for kernel parameters passed to the pinns utility caused the exposure to […]

How to perform Kubernetes pentesting and secure it?

Kubernetes is a great platform for container management that has shown a breakthrough lately, both in terms of functionality and in terms of security and resiliency. Specialists claim that Kubernetes’ architecture makes it easy to survive different types of outages and stay active despite everything, making it a great option for pentesting. On this occasion, […]

Hackers Attack Kubernetes Cluster to Deploy Crypto-Miners

The cybersecurity experts at Intezer have recently detected a cyberattack, and soon after detecting it they warned that the threat actors behind this attack are using the Argo Workflows engine to start attacks on Kubernetes clusters and easily deploy crypto miners. After detecting the cyberattack, the researchers started their deep investigation, and they found a […]

Kubernetes Clusters Targeted by Siloscape Malware

Palo Alto Networks’ Unit 42 researchers have revealed shocking details of a new malware that’s compromising Windows containers to target Kubernetes clusters. Researchers have dubbed it Siloscape. It is regarded as an unusual malware that focuses on Linux as the preferred OS for managing cloud environments and applications. Another interesting aspect of the report is […]

Crypto-Mining Attacks Targeting Kubernetes Clusters via Kubeflow Instances

Cybersecurity researchers on Tuesday disclosed a new large-scale campaign targeting Kubeflow deployments to run malicious cryptocurrency mining containers. The campaign involved deploying TensorFlow pods on Kubernetes clusters, with the pods running legitimate TensorFlow images from the official Docker Hub account. However, the container images were configured to execute rogue commands that mine cryptocurrencies. Microsoft said […]

Siloscape: the new malware to compromise Windows containers and Kubernetes clusters

A group of researchers has found a new malware variant designed to breach the security of Windows containers in order to reach Kubernetes clusters. Identified as Siloscape, experts describe this malware variant as something unusual due to its complex features. The report, prepared by Palo Alto Networks, notes that Siloscape was detected in early March, […]