rslade
Influencer II

Kubernetes

Even if you don't run Kubernetes (and I know some of you do), you probably need to pay attention to their security bug.  See, Kubernetes is an infrastructure component of a lot of cloud systems--and, nowadays, who isn't running, storing, or managing something in the cloud?

 

The flaw, in brief, allows anyone to submit a malformed request to Kubernetes pods over the API.  Rather than simply being ignored, this allows the attacker to then submit further requests without any authorization checking.  Which means that attackers can do pretty much anything with the pods.  Which means they can get at pretty much anything you've got on the cloud that is managed via Kubernetes.  Or that anyone is managing on your behalf using Kubernetes ...

 

The bug is now fixed.  If you run Kubernetes make sure you are updated to the latest level.  If you don't run Kubernetes, find out if anyone you rely on does ...


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468