Kubernetes Archives - Security Affairs

Pierluigi Paganini April 27, 2025

Storm-1977 targets education sector with password spraying, Microsoft warns

Microsoft warns that threat actor Storm-1977 is behind password spraying attacks against cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector. AzureChecker.exe connected to sac-auth[.]nodefunction[.]vip to download AES-encrypted data, which, […]

Pierluigi Paganini November 24, 2023

Exposed Kubernetes configuration secrets can fuel supply chain attacks

Researchers warn of publicly exposed Kubernetes configuration secrets that could pose a threat of supply chain attack for organizations. Aqua Nautilus researchers warn of publicly exposed Kubernetes configuration secrets that put organizations at risk of supply chain attacks. The experts noticed that these misconfigurations impact hundreds of organizations and open-source projects. Impacted entities include SAP’s […]

Pierluigi Paganini September 14, 2023

Kubernetes flaws could lead to remote code execution on Windows endpoints

Researchers discovered three security flaws in Kubernetes that can lead to remote code execution on Windows endpoints. Akamai researchers recently discovered a high-severity vulnerability in Kubernetes tracked as CVE-2023-3676 (CVSS 8.8). This identification of this issue led to the discovery of two more vulnerabilities tracked as CVE-2023-3893, and CVE-2023-3955 (CVSS 8.8). All three vulnerabilities were caused by […]

Pierluigi Paganini April 23, 2023

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC). Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run miners. The campaign was tracked as RBAC Buster, the experts reported that the attacks are actively targeting at […]

Pierluigi Paganini January 10, 2023

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments. Researchers at Microsoft Defender for Cloud observed threat actors behind the Kinsing cryptojacking operation using two methods to gain initial access in Kubernetes environments: exploitation of weakly configured PostgreSQL containers and exploiting vulnerable images. The crypto-miner Kinsing was first spotted by security firm […]

Pierluigi Paganini February 06, 2022

Argo CD flaw could allow stealing sensitive data from Kubernetes Apps

A flaw in Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps. A zero-day vulnerability, tracked as CVE-2022-24348, in the Argo CD tool for Kubernetes could be exploited by attackers to steal sensitive data from Kubernetes Apps, including passwords and API keys. The flaw received a CVSS […]

Pierluigi Paganini August 04, 2021

US CISA and NSA publish guidance to secure Kubernetes deployments

US CISA and NSA released new guidance that provides recommendations on how to harden Kubernetes deployments and minimize the risk of hack. US CISA and NSA released new guidance that provides recommendations to harden Kubernetes deployments. Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. In recent months the number […]

Pierluigi Paganini July 25, 2021

Crooks target Kubernetes installs via Argo Workflows to deploy miners

Threat actors target Kubernetes installs via Argo Workflows to cryptocurrency miners, security researchers from Intezer warn. Researchers from Intezer uncovered new attacks on Kubernetes (K8s) installs via misconfigured Argo Workflows aimed at deploying cryptocurrency miners. Argo Workflows is an open-source, container-native workflow engine designed to run on K8s clusters. The experts discovered Argo Workflows instances with […]

Pierluigi Paganini June 07, 2021

Siloscape, first known malware that drops a backdoor into Kubernetes clusters

Siloscape is a new strain of malware that targets Windows Server containers to execute code on the underlying node and spread in the Kubernetes cluster. Researchers from Palo Alto Networks have spotted a piece of malware that targets Windows Server containers to execute code on the underlying node and then drop a backdoor into Kubernetes […]

Pierluigi Paganini March 19, 2021

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

Amazon Elastic Kubernetes Service (EKS), a platform which gives customers the ability to run Kubernetes apps in the AWS cloud or on premises. Organizations are increasingly turning to Kubernetes to manage their containers. In the 2020 Cloud Native Survey, 91% of respondents told the Cloud Native Computing Foundation (CNCF) that they were using Kubernetes—an increase […]

Kubernetes

Storm-1977 targets education sector with password spraying, Microsoft warns

Exposed Kubernetes configuration secrets can fuel supply chain attacks

Kubernetes flaws could lead to remote code execution on Windows endpoints

Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Argo CD flaw could allow stealing sensitive data from Kubernetes Apps

US CISA and NSA publish guidance to secure Kubernetes deployments

Crooks target Kubernetes installs via Argo Workflows to deploy miners

Siloscape, first known malware that drops a backdoor into Kubernetes clusters

Why Focusing on Container Runtimes Is the Most Critical Piece of Security for EKS Workloads?

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Severe Hikvision HikCentral product flaws: What You Need to Know

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

Crooks turn HexStrike AI into a weapon for fresh vulnerabilities

Google addressed two Android flaws actively exploited in targeted attacks

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

QUICK LINKS

Kubernetes

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!