Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity.
That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024.
OpenMetadata is an open-source platform that operates as a
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances.
βThe vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster,β Akamai security researcher Tomer Peled said. βTo exploit
Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
"These container
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges.
"An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks.
βThese encoded Kubernetes configuration secrets were uploaded to public repositories,β Aqua security researchers Yakir Kadkoda and Assaf MoragΒ saidΒ in a new research published earlier this week.
Some of those impacted include two top blockchain
Numerous industriesβincluding technology, financial services, energy, healthcare, and governmentβare rushing to incorporate cloud-based and containerized web applications.Β
The benefits are undeniable; however, this shift presents new security challenges.Β
OPSWAT's 2023 Web Application Security reportΒ reveals:
75% of organizations have modernized their infrastructure this year.
78% have
Login
FreshRSS