CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL

admin by admin
January 9, 2023
in Information Security


Jan 09, 2023Ravie LakshmananKubernetes / Cryptojacking

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments.

A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week.

Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software.

The threat actor, in the past, has also been discovered employing a rootkit to hide its presence, in addition to terminating and uninstalling competing resource-intensive services and processes.

Now according to Microsoft, misconfigurations in PostgreSQL servers have been co-opted by the Kinsing actor to gain an initial foothold, with the company observing a “large amount of clusters” infected in this manner.

Kinsing Cryptojacking Attacks

The misconfiguration relates to a trust authentication setting, which could be abused to connect to the servers sans any authentication and achieve code execution should the option be set up to accept connections from any IP address.

“In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat,” Bruskin explained.

The alternative attack vector targets servers with vulnerable versions of PHPUnit, Liferay, WebLogic, and WordPress that are susceptible to remote code execution in order to run malicious payloads.

What’s more, a recent “widespread campaign” involved the attackers scanning for open default WebLogic port 7001, and if found, executing a shell command to launch the malware.

“Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources,” Bruskin said. “In addition, attackers can gain access to the cluster by taking advantage of known vulnerabilities in images.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

14 Inspiring Resolutions for Digital Trailblazers, CIOs, and CDOs on Digital Transformation

Next Post

Initiativesofbods ~ Future of CIO

Related Posts

Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Information Security

AWS achieves ISO 20000-1:2018 certification for 109 services

by admin
February 2, 2023
Information Security

Everything you need to know

by admin
February 2, 2023
Information Security

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

by admin
February 1, 2023
Information Security

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

by admin
February 1, 2023
Next Post

Initiativesofbods ~ Future of CIO

Recommended

Initiatetogoapproach

February 2, 2023

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

February 2, 2023

AWS achieves ISO 20000-1:2018 certification for 109 services

February 2, 2023

Everything you need to know

February 2, 2023

Influentialleadership ~ Future of CIO

February 1, 2023

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

February 1, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.