Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    What's Hot

    Learn to Build a ChatGPT Bot for Only $30

    March 25, 2023

    Cardano’s efforts for scaling seem promising, but is ADA well-guarded

    March 25, 2023

    ‘So infuriating’: TikTokers are fuming over potential ban

    March 25, 2023
    Facebook Twitter Instagram
    Facebook Twitter Instagram Vimeo
    Cryptonounce.com
    Contact
    • Business
      • Deals
      • investors
      • IPO
      • Startups
      • Wall Street
    • Markets
      • Bonds
      • Commodities & Futures
      • Currencies
      • Funds & ETFs
      • Stocks
    • Crypto
      • Alticoins News
      • Binance News
      • Bitcoins News
      • Blockchain News
      • Ethereum News
      • Token Sales News
      • XRP News
    • Technology
      • Artificial Intelligence
      • Big Data
      • Cloud Computing
      • Cybersecurity
      • Gaming
      • Internet of Things
      • Mobile
      • Social Media
      • Transportation
      • VR & AR
    • FinTech
    • Personal finance
    • Grides
      • Crypto
      • FinTech
      • Investing
      • Personal Finance Guides
      • Techonology
    • Tools
      • Coins
      • ICO List
      • Organigations
      • Events
    Cryptonounce.com
    Home » Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
    Cybersecurity

    Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL

    AdmincryptBy AdmincryptJanuary 9, 2023No Comments2 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp VKontakte Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Jan 09, 2023Ravie LakshmananKubernetes / Cryptojacking

    Kinsing Cryptojacking

    The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments.

    A second initial access vector technique entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week.

    Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software.

    The threat actor, in the past, has also been discovered employing a rootkit to hide its presence, in addition to terminating and uninstalling competing resource-intensive services and processes.

    Now according to Microsoft, misconfigurations in PostgreSQL servers have been co-opted by the Kinsing actor to gain an initial foothold, with the company observing a “large amount of clusters” infected in this manner.

    Kinsing Cryptojacking Attacks

    The misconfiguration relates to a trust authentication setting, which could be abused to connect to the servers sans any authentication and achieve code execution should the option be set up to accept connections from any IP address.

    “In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat,” Bruskin explained.

    The alternative attack vector targets servers with vulnerable versions of PHPUnit, Liferay, WebLogic, and WordPress that are susceptible to remote code execution in order to run malicious payloads.

    What’s more, a recent “widespread campaign” involved the attackers scanning for open default WebLogic port 7001, and if found, executing a shell command to launch the malware.

    “Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources,” Bruskin said. “In addition, attackers can gain access to the cluster by taking advantage of known vulnerabilities in images.”

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp Email
    Previous ArticleNew York-based bank exits crypto after tumultuous year
    Next Article Crypto ATM installation slowed in the second half of 2022
    Admincrypt
    • Website

    Related Posts

    U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

    March 25, 2023

    Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

    March 25, 2023

    OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

    March 25, 2023

    Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

    March 24, 2023

    Leave A Reply Cancel Reply

    Our Picks
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    IPO

    Learn to Build a ChatGPT Bot for Only $30

    By AdmincryptMarch 25, 20230

    Disclosure: Our goal is to feature products and services that we think you’ll find interesting…

    Cardano’s efforts for scaling seem promising, but is ADA well-guarded

    March 25, 2023

    ‘So infuriating’: TikTokers are fuming over potential ban

    March 25, 2023

    The biggest financial crises of the last four decades By Reuters

    March 25, 2023

    Subscribe to Updates

    Get the latest creative news from CRYPTO NOUNCE.

    NEWS
    • Business
    • Crypto
    • Blockchain
    • Markets
    • Technology
    FEATURED SECTIONS
    • Coins
    • ICO List
    • Organigations
    • Events
    • Grides
    FEATURED LINKS
    • Story of the day
    • Videos
    • Infographics
    CONNECT WITH US
    • Facebook
    • Twitter
    • Telegram
    • LinkedIn
    • Pinterest
    ABOUT US
    • Contact
    • Advertise
    • Sitemap
    Copyright © 2023 Cryptonounce All rights reserved. Cryptonounce.
    • Home
    • Buy Now

    Type above and press Enter to search. Press Esc to cancel.

    Sign In or Register

    Welcome Back!

    Login to your account below.

    Lost password?