More results...
The Scarleteel threat targets AWS Fargate environments for data theft and more malicious types of attacks such as cryptojacking and DDoS. Learn how to mitigate this threat.
KubeStalk is a tool to discover Kubernetes and related infrastructure based attack surface from a black-box perspective. This tool is a community version of the tool used to probe for unsecured Kubernetes clusters around the internet during Project Resonance – Wave 9. Usage The GIF below demonstrates usage of the tool: Installation KubeStalk is written […]
Technologies like Kubernetes and K3S are synonymous with the success of cloud native computing and the power of open source. It is no accident they have steamrolled the competition. As enterprises look to secure cloud-native environments, open source i…
The importance of software bills of materials (SBOMs) has grown substantially in recent years as organizations recognize the need for greater transparency in the software supply chain. This focus on SBOMs is a response to increasing cybersecurity threa…
Kubernetes Security Operations Center (KSOC) released the first-ever Kubernetes Bill of Materials (KBOM) standard. Available in an open-source CLI tool, this KBOM enables cloud security teams to understand the scope of third-party tooling in their envi…
Threat actors have been observed abusing Kubernetes RBAC to create backdoors and hijack cluster resources for cryptocurrency mining.
The post Attackers Abuse Kubernetes RBAC to Deploy Persistent Backdoor appeared first on SecurityWeek.
Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC). Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run miners. The campaign was tracked as RBAC Buster, the experts reported that the attacks are actively targeting at […]
The post Experts spotted first-ever crypto mining campaign leveraging Kubernetes RBAC appeared first on Security Affairs.
Recently, a new attack campaign has been discovered by the cybersecurity researchers at Aqua Security that exploits Kubernetes RBAC to assemble backdoors and mine cryptocurrency like Monero. Kubernetes API access control system known as RBAC enables ad…
In this Help Net Security video, Michael Peters, Principal Software Engineer at Red Hat, discusses how to implement a zero-trust system that uses workload identity across a service mesh in Kubernetes to provide explicit authorization between services, …
Learn how this cryptocurrency campaign operates and its scope. Then, get tips on protecting vulnerable Kubernetes instances from this cybersecurity threat.
The post First Dero cryptojacking campaign targets unprotected Kubernetes instances appeared fir…