Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments.
Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity. OpenMetadata is an open-source platform designed to manage metadata across various data sources. It serves as a central repository for metadata lineage, allowing users to discover, understand, and govern their data. On March 15, 2024, several vulnerabilities in OpenMetadata platform were published.
Read more…
Source: Microsoft
Related:
- Miscreants fling booby-trapped Office files at victims, no patch yet, says Microsoft
September 7, 2021
In an advisory issued on Tuesday, Microsoft said some of its users were targeted by poisoned Office documents that exploit an unpatched flaw to hijack their Windows machines. The vulnerability, CVE-2021-40444, is described as a hole in MSHTML, Internet Explorer’s browser engine. Miscreants are seemingly placing a malicious ActiveX control in an Office document and convincing ...
- Netgear Smart Switches Open to Complete Takeover
September 7, 2021
Three severe Netgear vulnerabilities, codenamed Demon’s Cries, Draconian Fear and Seventh Inferno by the researcher that found them, affect 20 of the company’s managed smart switches and could allow an attacker to take them over. The bugs were patched on Friday with zero technical details made available, but the researcher has now released more details on ...
- Threat Brief: CVE-2021-26084
September 3, 2021
On Aug. 25, 2021, Atlassian released a security advisory for an injection vulnerability in Confluence Server and Data Center, CVE-2021-26084. If the vulnerability is exploited, threat actors could bypass authentication and run arbitrary code on unpatched systems. Since the release of this advisory, mass scanning activity has started to occur, seeking unpatched systems, and in-the-wild ...
- Bluetooth Bugs Open Billions of Devices to DoS, Code Execution
September 2, 2021
Researchers have disclosed a group of 16 different vulnerabilities collectively dubbed BrakTooth, which impact billions of devices that rely on Bluetooth Classic (BT) for communication. According to an academic paper from the University of Singapore, the bugs are found in the closed commercial BT stack used by at least 1,400 embedded chip components, that can lead ...
- Cisco Releases Security Updates for Cisco Enterprise NFVIS
September 2, 2021
Cisco has released security updates to address a critical vulnerability affecting Cisco Enterprise Network Function Virtualization Infrastructure Software (NFVIS) Release 4.5.1. A remote attacker could exploit this vulnerability to take control of an affected system. For updates addressing lower severity vulnerabilities, see the Cisco Security Advisories page. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Comcast RF Attack Leveraged Remotes for Surveillance
September 2, 2021
More details about a now-patched vulnerability in Comcast’s XR11 voice remotes have emerged, which would have made it easy for a threat actor to intercept radio frequency (RF) communications between the remote and the set-top box, effectively turning the remote into a surveillance device. The XR11 remotes are some of the most common around, with more ...