kubernetes Archives

Cybersecurity experts are alerting companies to the possibility of supply chain attacks due to publicly disclosed Kubernetes configuration secrets. In a new study released earlier this week, Aqua security researchers Yakir Kadkoda and Assaf Morag stated that these encoded Kubernetes configuration secrets had been uploaded to public repositories. According to the cloud security firm, which used the GitHub API to retrieve all entries containing the extensions.dockerconfigjson and.dockercfg—which store credentials for accessing a container image registry—among those affected are two of the leading blockchain companies and several other Fortune 500 companies read more Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories. Get up to date on the latest cybersecurit...

In order to get early access to Kubernetes setups, the threat actors behind the Kinsing cryptojacking operation have been seen taking advantage of unprotected and improperly configured PostgreSQL servers. According to a paper published last week by Sunders Bruskin, a security researcher at Microsoft Defender for Cloud, a second initial access vector strategy involves the use of weak pictures. Kinsing has a long history of attacking containerized environments, frequently employing open Docker daemon API ports that have been misconfigured as well as making use of recently discovered exploits to install cryptocurrency mining software. The threat actor has already been identified by terminating and uninstalling competing for resource-intensive services and processes, as well as using...

Tag: kubernetes

Kubernetes Secrets of Fortune 500 Companies Exposed in Public Repositories

Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL