Attackers are constantly seeking new vulnerabilities to compromise Kubernetes environments.
Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity. OpenMetadata is an open-source platform designed to manage metadata across various data sources. It serves as a central repository for metadata lineage, allowing users to discover, understand, and govern their data. On March 15, 2024, several vulnerabilities in OpenMetadata platform were published.
Read more…
Source: Microsoft
Related:
- Hackers scan for vulnerable devices minutes after bug disclosure
May 19, 2021
Every hour, a threat actor starts a new scan on the public web for vulnerable systems, moving at a quicker pace than global enterprises when trying to identify serious vulnerabilities on their networks. The adversaries’ efforts increase significantly when critical vulnerabilities emerge, with new internet-wide scans happening within minutes from the disclosure. Read more… Source: Bleeping Computer
- Windows PoC Exploit Released for Wormable RCE
May 19, 2021
A researcher has released a proof-of-concept (PoC) exploit for CVE-2021-31166, a use-after-free, highly critical vulnerability in the HTTP protocol stack (http.sys) that could lead to wormable remote code execution (RCE). Microsoft discovered the flaw internally, releasing a patch in its May 11 Patch Tuesday update. This was the most severe bug in that batch: an http.sys ...
- May Android security updates patch 4 zero-days exploited in the wild
May 19, 2021
According to info provided by Google’s Project Zero team, four Android security vulnerabilities were exploited in the wild as zero-day bugs before being patched earlier this month. Attacks attempting to exploit these flaws were targeted and impacted a limited number of users based on information shared after this month’s Android security updates were published. Read more… Source: Bleeping ...
- Stalkerware Apps Riddled with Security Bugs
May 18, 2021
Android stalkerware apps – used to surreptitiously track people’s movements and digital activities – turn out to themselves be rife with security holes that put victims in even danger. Stalkerware can track the GPS location of a victim’s device, record conversations, capture images and snoop on browser histories. And overall, according to ESET researcher Lukas Stefanko, ...
- Cross-browser tracking vulnerability tracks you via installed apps
May 14, 2021
Researchers have developed a way to track a user across different browsers on the same machine by querying the installed applications on the device. Certain applications, when installed, will create custom URL schemes that the browser can use to launch a URL in a specific application. Read more… Source: Bleeping Computer
- Apple’s ‘Find My’ Network Exploited via Bluetooth
May 13, 2021
Apple’s “Find My device” function for helping people track their iOS and macOS devices can be exploited to transfer data to and from random passing devices without using the internet, a security researcher has demonstrated. Security researcher Fabian Bräunlein with Positive Security developed a proof of concept, using a microcontroller and a custom MacOS app, that ...