Kubernetes Clusters Under Attack: Critical OpenMetadata Vulnerabilities Exploited
- Source: Vulnerability (cybersecuritynews.com)
Author: Guru Baran
Microsoft Security recently revealed a sophisticated cyber-attack campaign that targets Kubernetes clusters by exploiting newly discovered vulnerabilities in the OpenMetadata platform.
The attackers have set their sights on Kubernetes workloads, leveraging critical vulnerabilities in the OpenMetadata platform to infiltrate and exploit these systems for cryptomining activities.
OpenMetadata, an open-source platform designed for comprehensive metadata management across various data sources, has become the latest target due to its widespread use and central role in data governance and discovery.
On March 15, 2024, a series of vulnerabilities within the OpenMetadata platform were disclosed, affecting versions prior to 1.3.1.
These vulnerabilities, identified as CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, and CVE-2024-28254, pose a significant risk as they allow attackers to bypass authentication mechanisms, enabling unauthorized code execution on containers running the vulnerable OpenMetadata versions.
Initial Access and Exploitation
Microsoft said the attack begins by identifying Kubernetes workloads running OpenMetadata that are exposed to the Internet.
This method of attack not only compromises the integrity and confidentiality of the Kubernetes workloads but also allows attackers to use the compromised systems for cryptomining, siphoning off valuable computing resources for their own gain.
In response to this critical threat, Microsoft strongly recommends that all customers review their Kubernetes clusters running OpenMetadata workloads.
It is imperative that these systems be updated to the latest version (1.3.1 or later) to mitigate the risk of exploitation.
How to Check For Vulnerability
If OpenMetadata needs to be accessible on the internet, ensure that secure authentication mechanisms are in place and avoid relying on default login credentials.
To get a list of all the images running in the cluster:
kubectl get pods --all-namespaces -o=jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}' | grep 'openmetadata'
If there is a pod with a vulnerable image, update the image version to the latest version.
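The image check above, extended to compare each OpenMetadata tag against the fixed release 1.3.1. This is an added example, not part of the original article or of Microsoft's guidance; the function names, the `registry.example` image references, and the reliance on `sort -V` (GNU coreutils or busybox) are assumptions.

```shell
#!/bin/sh
# Added example: classify OpenMetadata image references against the fixed release.
FIXED="1.3.1"   # first fixed version, per the article text above

# version_lt A B -> exit 0 when A sorts strictly before B (assumes `sort -V` exists)
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads whitespace-separated image references on stdin (the output of the
# kubectl command above) and prints one "STATUS image" line per OpenMetadata image.
check_openmetadata_images() {
    tr -s ' \t' '\n' | grep -i 'openmetadata' | while IFS= read -r image; do
        case "$image" in
            *@sha256:*) echo "UNKNOWN $image"; continue ;;  # digest-pinned: no tag to compare
        esac
        last=${image##*/}            # drop registry/path so a registry port is not read as a tag
        case "$last" in
            *:*) tag=${last##*:} ;;
            *)   tag="latest" ;;     # untagged references default to :latest
        esac
        ver=${tag#v}                 # tolerate a leading "v"
        ver=${ver%%-*}               # drop suffixes such as "-release"
        case "$ver" in
            [0-9]*.[0-9]*)
                if version_lt "$ver" "$FIXED"; then
                    echo "VULNERABLE $image"
                else
                    echo "OK $image"
                fi ;;
            *) echo "UNKNOWN $image" ;;   # mutable tag (e.g. latest): check the running digest
        esac
    done
}

# Constructed sample input (not real cluster output).
sample_images() {
    printf '%s\n' \
        'registry.example:5000/openmetadata/server:1.2.4 nginx:1.25' \
        'registry.example/openmetadata/server:1.3.1' \
        'registry.example/openmetadata/server:latest' \
        'registry.example/openmetadata/ingestion:1.3.0-release'
}

sample_images | check_openmetadata_images
```

Against a live cluster, pipe the output of the `kubectl get pods` jsonpath command (without the trailing `grep`) into `check_openmetadata_images`; treat `UNKNOWN` results as needing manual inspection rather than as safe.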