Cyberveilleby Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
5 résultats taggé Kubernetes  ✕
Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes https://www.akamai.com/blog/security-research/kubernetes-critical-vulnerability-command-injection
15/09/2023 16:34:42
QRCode
archive.org
thumbnail

Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.

akamai EN 2023 Kubernetes command-injection vulnerability YAML rce remote-code-execution
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft https://sysdig.com/blog/cloud-breach-terraform-data-theft/
09/03/2023 18:42:29
QRCode
archive.org
thumbnail

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL.

sysdig EN 2023 SCARLETEEL cloud Kubernetes Terraform AWS Data-Theft
Misconfigured PostgreSQL Used to Target Kubernetes Clusters https://www.databreachtoday.eu/misconfigured-postgresql-used-to-target-kubernetes-clusters-a-20899?s=09
11/01/2023 11:33:08
QRCode
archive.org
thumbnail

Researchers have found that Kinsing malware gained access to Kubernetes servers by exploiting misconfigured and exposed PostgreSQL servers. The threat actors gained

databreachtoday EN 2023 PostgreSQL Kubernetes Misconfigured malware Kinsing
New Kiss-a-dog Cryptojacking Campaign Targets Docker and Kubernetes https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/
22/12/2022 10:08:41
QRCode
archive.org
thumbnail

CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.

Called “Kiss-a-dog,” the campaign used multiple command-and-control (C2) servers to launch attacks that attempted to mine cryptocurrency, utilize user and kernel mode rootkits to hide the activity, backdoor compromised containers, move laterally in the network and gain persistence. 

The CrowdStrike Falcon® platform helps protect organizations of all sizes from sophisticated breaches, including cryptojacking campaigns such as this. 

crowdstrike EN 2022 Kiss-a-dog Cryptojacking docker kubernetes
Escaping privileged containers for fun https://pwning.systems/posts/escaping-containers-for-fun/
07/03/2022 08:22:11
QRCode
archive.org

Despite the fact that it is not a 'real' vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really shouldn't), this could really be handy at some point in the future

escape docker kubernetes pwningsystems EN 2022 escalation
1765 links
Shaarli - Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli - Theme by kalvn - Curated by Decio