Microsoft has warned that Kubernetes clusters are being targeted in a cryptomining attack while Palo Alto Networks has identified the first malware that targets Windows Containers – in order to compromise the Kubernetes clusters that host them. Cryptomining on Kubernetes Kubeflow is a popular framework for deploying Machine Learning workloads in a Kubernetes environment. MicrosoftRead more
Blog
Hewlett Packard Enterprise has released a patch to fix a critical remote code execution vulnerability in the Windows version of their System Insight Manager. The bug in the Federated Search and CMS Configuration (CVE-2020-7200) feature of version 7.6.x of HPE SIM, has a critical CVSS score of 9.8. According to the security advisory from HPE,Read more
Over 25% of the TOR network exit nodes have been under the control of malicious actors who are performing man-in-the-middle attacks against network users. What is the TOR Network The TOR Network is a volunteer run network of relay servers that aims to provide anonymous and secure internet access that prevents its users from beingRead more
By using Pass-the-cookie techniques, attackers can access web applications without knowing a userid, password or even the one-time password from a multi-factor system. And if the web application in question is the management console for your AWS, Google or Azure environment then they stolen have the keys to your kingdom. In January 2021, CISA drewRead more
Web browsers are adding more TCP ports to their block lists in an attempt to prevent exploitation of NAT Slipstream attacks. NAT Slipstreaming is an attack which tricks the NAT router into allowing external traffic through the NAT firewall to target any internal network device by abusing protocols such as SIP or H.323 where thisRead more
Web shell attacks have doubled over the last 6 months according to Microsoft’s Detection And Response Team. But, what are Web Shell Attacks and how can you defend against them? In a recent blog post, Microsoft’s DART detailed the rise in Web Shell Attacks that have been uncovered in Windows Defender telemetry- growing from anRead more
A vulnerability in the Drupal web content management system can be exploited to allow arbitrary code execution, affecting almost a million websites. A security advisory from Drupal describes how this critical vulnerability can be exploited to perform arbitrary execution of PHP code. Security patches are available for Drupal versions 7, 8 and 9. The problemRead more
Oracle patched a vulnerability in their WebLogic server in October 2020 – eight days later working exploit code was published online and now it is being used by criminals. CVE-2020-14882 allows an attacker to perform a Remote Code Execution attack with minimal effort or skill required. Juniper Networks security researchers reports at least five differentRead more
Last week an SQL injection vulnerability was discovered in the popular Loginizer plugin used by over a million WordPress sites. Such was the risk, WordPress took the unusual step of forcing updates into sites that use the plug-in – even those with auto-update turned off. The flaw in Loginizer can be exploited by an attackerRead more
Southern Water found itself in hot water last week when a security researcher discovered a server side request forgery exploit in their customer service system. The (quickly rectified) mistake on the Southern Water customer self-service portal allowed the URL to be manipulated in order to display the details of another arbitrary customer account. The targetRead more
