Kubernetes Archives – Gridinsoft Blog
https://gridinsoft.com/blogs/tag/kubernetes/
Sun, 06 Nov 2022 09:26:40 +0000

Google Offers up to $91,000 for Linux Kernel Vulnerabilities
https://gridinsoft.com/blogs/google-offers-up-to-91000-for-linux-kernel-vulnerabilities/
Wed, 16 Feb 2022 22:58:56 +0000

Google has almost doubled its rewards for vulnerabilities in the Linux kernel, Kubernetes, Google Kubernetes Engine (GKE), and kCTF. The reward can now be up to $91,337.

In November last year, Google already increased the size of payments: then the company tripled rewards for exploits for previously unknown bugs in the Linux kernel. The idea was that people would be able to discover new ways to exploit the kernel, in particular related to Kubernetes running in the cloud. Then the researchers were asked to compromise the Google kCTF (Kubernetes Capture The Flag) cluster and get a “flag” in the context of the competition.

NOTE: Let me remind you that we wrote that Apple paid $100,000 for macOS camera and microphone hack, and also that Zerodium offers up to $400,000 for exploits for Microsoft Outlook.

Google reports that the bug-finding program has been a success, receiving nine reports in three months and disbursing more than $175,000 to researchers. During this time, five 0-day vulnerabilities and two exploits for fresh 1-day bugs were discovered. According to Google, thanks to the bug bounty, three of these issues have already been fixed and detailed, including CVE-2021-4154, CVE-2021-22600 (patch), and CVE-2022-0185 (report).

As a result, the program will be extended until at least the end of 2022, and will also undergo a number of changes. Whereas in November it was decided that experts would receive a reward of up to $50,337 for critical vulnerabilities (depending on the severity of the problem), the maximum reward has now been increased to $91,337.

The payout depends on several factors: whether the problem found is a 0-day vulnerability, whether it requires unprivileged user namespaces, and whether it uses new methods of exploitation. Each of these points comes with a bonus of $20,000, which ultimately raises the payout for a working exploit to $91,337.

“These changes increase the cost of some 1-day exploits to $71,337 (up from $31,337 previously), and the maximum reward per exploit is now $91,337 (up from $50,337 previously),” Google reported.

 

Microsoft warns of mining attacks on Kubernetes clusters
https://gridinsoft.com/blogs/mining-attacks-on-kubernetes-clusters/
Thu, 10 Jun 2021 20:33:24 +0000

Microsoft has warned of ongoing attacks on Kubernetes clusters running Kubeflow (an open source project for running machine learning workloads on top of Kubernetes clusters).

Criminals use them to deploy malicious containers that mine Monero and Ethereum cryptocurrencies.

Researchers say the attacks appear to be a continuation of a campaign that was discovered last April. Although that campaign peaked in June and then dwindled, new attacks began in late May 2021 when researchers noticed a sudden increase in deployments of the open source machine learning library TensorFlow, adapted for mining.

“This is not the first time we see attackers use legitimate images for running their malicious code. Particularly in this case, the existence of TensorFlow images in the cluster makes a lot of sense: It’s not uncommon to find TensorFlow containers in a ML workload. If the images in the cluster are monitored, usage of legitimate image can prevent attackers from being discovered,” Microsoft researchers report.

In this case, deployments in different clusters occurred simultaneously.

“The burst of deployments on the various clusters was simultaneous. This indicates that the attackers scanned those clusters in advance and maintained a list of potential targets, which were later attacked at the same time,” the specialists write.

Although the pods used by the hackers were taken from the official Docker Hub repository, they were modified to mine cryptocurrency. All of the pods are named following the pattern sequential-pipeline-{random pattern}, which now makes it quite easy to detect possible compromises.

According to the company, in order to gain access to clusters and deploy miners to them, attackers search the network for incorrectly configured and publicly available Kubeflow dashboards that should be open only for local access.

Attackers deploy at least two separate modules on each of the compromised clusters: one for CPU mining and the other for GPU mining. So, XMRig is used to mine Monero using a CPU, and Ethminer is used to mine Ethereum on a GPU.

Microsoft recommends that administrators always enable authentication on Kubeflow dashboards if they cannot be isolated from the internet, and that they keep their environments (containers, images, and the processes they run) under control.

Let me remind you that I wrote that Microsoft developed a SimuLand lab environment for simulating cyberattacks.

TeamTNT mining botnet infected over 50,000 systems in three months
https://gridinsoft.com/blogs/mining-botnet-teamtnt/
Wed, 02 Jun 2021 21:09:53 +0000

Trend Micro warns that since March 2021, the TeamTNT mining botnet, operated by the group of the same name, has successfully compromised more than 50,000 systems.

The TeamTNT group has been active since at least April 2020 and started with attacks on incorrectly configured Docker installations, infecting them with miners and bots for DDoS attacks.

Then it became known that the hackers slightly changed their tactics: they began to attack Kubernetes, and also began to search infected servers for Amazon Web Services credentials and steal them.

“The high number of targets shows that TeamTNT is still expanding its reach (especially in cloud environments) and perhaps infrastructure since the group can monetize a more significant amount from their campaigns with more potential victims. The group’s activities add to the number of potential threats that Kubernetes users face,” Trend Micro researchers say.

In addition, cases have now been recorded of hackers posting malicious images to Docker Hub, and researchers have discovered that the group uses Weave Scope, a tool designed to visualize and monitor cloud infrastructure, in its attacks.

It is also known that TeamTNT comes with a worm component that turns every infected server into a new botnet host and forces it to scan the network for new potential victims. It also steals SSH credentials and can be used for DDoS attacks (although this feature has not yet been used by hackers).

As a result, the group is one of the main threats to cloud environments today.

The rich functionality is now paying off for TeamTNT authors, Trend Micro now reports. As mentioned above, according to analysts’ estimates, in just three months, mining malware successfully compromised more than 50,000 systems.

Most of the victims are systems hosted by Chinese cloud providers. This data correlates well with the statistics of the Lacework company, published in early 2021.

“As organizations move their computing resources to the cloud and container environments, we see attackers targeting them there,” cautioned Trend Micro experts.

Let me remind you that I also talked about the fact that Microsoft warns of the growing number of cyberattacks using web shells.
