#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Container Security | Breaking Cybersecurity News | The Hacker News

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes
Apr 18, 2024 Container Security / Cryptocurrency
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity. That's according to the Microsoft Threat Intelligence team, which  said  the flaws have been weaponized since the start of April 2024. OpenMetadata is an  open-source platform  that operates as a metadata management tool, offering a unified solution for data asset discovery, observability, and governance. The flaws in question – all discovered and credited to security researcher Alvaro Muñoz – are listed below - CVE-2024-28847  (CVSS score: 8.8) - A Spring Expression Language (SpEL) injection vulnerability in PUT /api/v1/events/subscriptions (fixed in version 1.2.4) CVE-2024-28848  (CVSS score: 8.8) - A SpEL injection vulnerability in GET /api/v1/policies/validation/condition/<expr> (fixed in version 1.2.4) CVE-2024-28253  (CVSS score: 8.8) - A SpEL injection vulnerability in PUT /api/v

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
Mar 14, 2024 Container Security / Vulnerability
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances. "The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled  said . "To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster." Tracked as CVE-2023-5528 (CVSS score: 7.2), the shortcoming impacts all versions of kubelet, including and after version 1.8.0. It was addressed as part of updates released on November 14, 2023, in the following versions - kubelet v1.28.4 kubelet v1.27.8 kubelet v1.26.11, and kubelet v1.25.16 "A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes," Kubernetes maintainers  said  in a

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity
Feb 09, 2024 Cloud Security / Open Source XDR / SIEM
Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and challenges that demand diligent consideration. In this blog post, we will explore some challenges of cybersecurity in the cloud era. We will also delve into how Wazuh, a cybersecurity solution supporting cloud platforms like Amazon Web Services (AWS), Microsoft Azure, Github, and Google Cloud Platform (GCP), can help address these challenges effectively. The rise of cloud computing Cloud computing deploys services, including servers, storage, software, databases, networking, and intelligence over the Internet " the cloud " to offer flexible resources, faster innovation, and cost efficiencies. Cloud c

Protecting Your Organization From Insider Threats - All You Need to Know

cyber security
websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike
May 13, 2024Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service

Google Cloud Resolves Privilege Escalation Flaw Impacting Kubernetes Service
Dec 28, 2023 Cloud Security / Data Protection
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges. "An attacker who has compromised the  Fluent Bit  logging container could combine that access with high privileges required by  Anthos Service Mesh  (on clusters that have enabled it) to escalate privileges in the cluster," the company  said  as part of an advisory released on December 14, 2023. Palo Alto Networks Unit 42, which discovered and reported the shortcoming, said adversaries could weaponize it to carry out "data theft, deploy malicious pods, and disrupt the cluster's operations." There is no evidence that the issue has been exploited in the wild. It has been addressed in the following versions of Google Kubernetes Engine (GKE) and Anthos Service Mesh (ASM) - 1.25.16-gke.1020000 1.26.10-gke.1235000 1.27.7-gke.1293000 1.28.4-gke.1083000 1.17.8-asm.8 1.18.

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories
Nov 24, 2023 Cloud security / Data Protection
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks. "These encoded Kubernetes configuration secrets were uploaded to public repositories," Aqua security researchers Yakir Kadkoda and Assaf Morag  said  in a new research published earlier this week. Some of those impacted include two top blockchain companies and various other fortune-500 companies, according to the cloud security firm, which leveraged the GitHub API to fetch all entries containing .dockerconfigjson and .dockercfg types that  store credentials  for accessing a container image registry. Of the 438 records that potentially held valid credentials for registries, 203 records – about 46% – contained valid credentials that provided access to the respective registries. Ninety-three of the passwords were manually set by individuals, as opposed to the 345 that were computer-generated. "In the majority of cases, these creden
Expert Insights
Cybersecurity Resources