Latest Kubernetes news

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks

In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities.
- Sergiu Gatlan
- April 17, 2024
- 05:01 PM
- 0
Kubernetes RBAC abused to create persistent cluster backdoors

Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining.
- Bill Toulas
- April 21, 2023
- 11:35 AM
- 0
First-known Dero cryptojacking operation seen targeting Kubernetes

The first known cryptojacking operation mining the Dero coin has been found targeting vulnerable Kubernetes container orchestrator infrastructure with exposed APIs.
- Bill Toulas
- March 15, 2023
- 06:00 AM
- 0
Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL

The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers.
- Bill Toulas
- January 09, 2023
- 04:16 PM
- 2
Over 900,000 Kubernetes instances found exposed online

Over 900,000 misconfigured Kubernetes clusters were found exposed on the internet to potentially malicious scans, some even vulnerable to data-exposing cyberattacks.
- Bill Toulas
- June 28, 2022
- 06:39 AM
- 4
Google almost doubles Linux Kernel, Kubernetes zero-day rewards

Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine (GKE), or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques.
- Sergiu Gatlan
- February 15, 2022
- 03:38 PM
- 0
Argo CD vulnerability leaks sensitive info from Kubernetes apps

A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys.
- Bill Toulas
- February 04, 2022
- 10:43 AM
- 0
Linux kernel bug can let hackers escape Kubernetes containers

A vulnerability affecting Linux kernel and tracked as CVE-2022-0185 can be used to escape Kubernetes containers, giving access to resources on the host system.
- Bill Toulas
- January 25, 2022
- 11:56 AM
- 0
This Kubernetes training is your ticket to a job in cloud computing

The Ultimate Kubernetes & Cloud Certification Training Bundle provides the ideal introduction, with 12 courses helping you to learn practical skills and prepare for exams. You can get it today for only $39.99.
- BleepingComputer Deals
- September 24, 2021
- 07:22 AM
- 0
Microsoft fixes bug letting hackers take over Azure containers

Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.
- Ionut Ilascu
- September 09, 2021
- 11:08 AM
- 0
Become a certified Kubernetes and cloud expert with 12 courses for $40

The Ultimate Kubernetes & Cloud Certification Training Bundle helps you break into this lucrative niche, with 12 courses working towards top exams. You can get the training today for only $29.99.
- BleepingComputer Deals
- August 17, 2021
- 08:26 AM
- 0
NSA and CISA share Kubernetes security recommendations

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have published comprehensive recommendations for strengthening the security of an organization's Kubernetes system.
- Ionut Ilascu
- August 04, 2021
- 01:02 AM
- 0
Attackers deploy cryptominers on Kubernetes clusters via Argo Workflows

Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes (K8s) clusters.
- Sergiu Gatlan
- July 23, 2021
- 11:27 AM
- 0
NSA: Russian GRU hackers use Kubernetes to run brute force attacks

The National Security Agency (NSA) warns that Russian nation-state hackers are conducting brute force attacks to access US networks and steal email and files.
- Lawrence Abrams
- July 01, 2021
- 11:00 AM
- 1
Microsoft warns of cryptomining attacks on Kubernetes clusters

Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning (ML) instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency.
- Sergiu Gatlan
- June 09, 2021
- 01:05 PM
- 0
New Kubernetes malware backdoors clusters via Windows containers

New malware active for more than a year is compromising Windows containers to compromise Kubernetes clusters with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities.
- Sergiu Gatlan
- June 07, 2021
- 06:51 AM
- 0
All Kubernetes versions affected by unpatched MiTM vulnerability

The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks.
- Sergiu Gatlan
- December 08, 2020
- 09:20 AM
- 0
Hackers use legit tool to take over Docker, Kubernetes platforms

In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it.
- Ionut Ilascu
- September 08, 2020
- 02:20 PM
- 0
Cryptojacking worm steals AWS credentials from Docker systems

A cybercrime group known as TeamTNT is using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.
- Sergiu Gatlan
- August 18, 2020
- 11:39 AM
- 0
Severe Flaws in Kubernetes Expose All Servers to DoS Attacks

Two high severity security flaws impacting the Kubernetes open-source system for handling containerized apps can allow an unauthorized attacker to trigger a denial of services state remotely, without user interaction.
- Sergiu Gatlan
- August 20, 2019
- 11:15 AM
- 0