Gatekeeper is a powerful tool designed to manage and implement policies across your EKS clusters, making cross-functional collaboration secure and efficient.
Threat actors are actively exploiting critical vulnerabilities in OpenMetadata to gain unauthorized access to Kubernetes workloads and leverage them for cryptocurrency mining activity.
That's according to the Microsoft Threat Intelligence team, which said the flaws have been weaponized since the start of April 2024.
OpenMetadata is an open-source platform that operates as a
Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific circumstances.
"The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster," Akamai security researcher Tomer Peled said. "To exploit
In the realm of cybersecurity, the stakes are sky-high, and at its core lies secrets management - the foundational pillar upon which your security infrastructure rests. We're all familiar with the routine: safeguarding those API keys, connection strings, and certificates is non-negotiable. However, let's dispense with the pleasantries; this isn't a simple 'set it and forget it' scenario. It's
Multiple security vulnerabilities have been disclosed in the runC command line tool that could be exploited by threat actors to escape the bounds of the container and stage follow-on attacks.
The vulnerabilities, tracked as CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653, have been collectively dubbed Leaky Vessels by cybersecurity vendor Snyk.
"These container
Google Cloud has addressed a medium-severity security flaw in its platform that could be abused by an attacker who already has access to a Kubernetes cluster to escalate their privileges.
"An attacker who has compromised the Fluent Bit logging container could combine that access with high privileges required by Anthos Service Mesh (on clusters that have enabled it) to
Cybersecurity researchers are warning of publicly exposed Kubernetes configuration secrets that could put organizations at risk of supply chain attacks.
"These encoded Kubernetes configuration secrets were uploaded to public repositories," Aqua security researchers Yakir Kadkoda and Assaf Morag said in new research published earlier this week.
Some of those impacted include two top blockchain
In 2023, the cloud isn't just a technology - it's a battleground. Zenbleed, Kubernetes attacks, and sophisticated APTs are just the tip of the iceberg in the cloud security warzone.
In collaboration with the esteemed experts from Lacework Labs, The Hacker News proudly presents an exclusive webinar: 'Navigating the Cloud Attack Landscape: 2023 Trends, Techniques, and Tactics.'
Join us for an
Three unpatched high-severity security flaws have been disclosed in the NGINX Ingress controller for Kubernetes that could be weaponized by a threat actor to steal secret credentials from the cluster.
The vulnerabilities are as follows -
CVE-2022-4886 (CVSS score: 8.8) - Ingress-nginx path sanitization can be bypassed to obtain the credentials of the ingress-nginx controller
CVE-2023-5043 (