April 19, 2024 at 05:57AM
Cybercriminals are exploiting critical OpenMetadata vulnerabilities to access Kubernetes environments and deploy cryptocurrency mining malware, Microsoft warned. Five vulnerabilities, including an authentication bypass and high-severity issues, have been identified. Threat actors target internet-exposed Kubernetes workloads of OpenMetadata, achieve code execution, and download cryptomining-related malware. Microsoft advises updating OpenMetadata to version 1.3.1 or later to prevent such attacks.
Key takeaways:
– Cybercriminals are exploiting critical vulnerabilities in OpenMetadata to access Kubernetes environments and deploy cryptocurrency mining malware.
– Microsoft has identified five vulnerabilities in OpenMetadata, including a critical flaw allowing authentication bypass and four high-severity issues that can be exploited for remote code execution.
– Threat actors have been actively exploiting these vulnerabilities since early April, targeting internet-exposed Kubernetes workloads of OpenMetadata.
– Microsoft observed attackers using a remote server located in China to host additional cryptomining-related malware for both Linux and Windows OS.
– Microsoft has provided instructions for checking whether a cluster is vulnerable and advises updating OpenMetadata to version 1.3.1 or later to mitigate the risk.
– There are related vulnerabilities in Google Kubernetes Engine and Microsoft Azure Kubernetes Service that users should be aware of.
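A version check of the kind described above, as an added example (not Microsoft's or the OpenMetadata project's code): it classifies container image references against the fixed release 1.3.1. Matching on the substring `openmetadata` and the sample image names are assumptions.

```shell
# Added example: flag OpenMetadata images older than the fixed release.
FIXED="1.3.1"   # fixed version named in the advisory

# ver_lt A B: succeed when dotted version A is numerically lower than B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# classify_image REF: print vulnerable | patched | unknown | skip.
classify_image() {
    ref=$1
    # Assumption: OpenMetadata images carry "openmetadata" in their name.
    case "$ref" in *openmetadata*) ;; *) echo skip; return ;; esac
    # Digest-pinned or untagged references carry no version to compare.
    case "$ref" in *@sha256:*) echo unknown; return ;; esac
    last=${ref##*/}    # drop registry/path, which may contain a ":port"
    case "$last" in *:*) tag=${last##*:} ;; *) echo unknown; return ;; esac
    # Accept x.y.z with optional leading "v"; any suffix is ignored.
    ver=$(printf '%s\n' "$tag" |
        sed -n 's/^v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    if ver_lt "$ver" "$FIXED"; then echo vulnerable; else echo patched; fi
}

# scan_images: read image references on stdin, report OpenMetadata ones.
scan_images() {
    tr -s ' \t' '\n' | while IFS= read -r img; do
        [ -n "$img" ] || continue
        st=$(classify_image "$img")
        [ "$st" = skip ] || printf '%s %s\n' "$st" "$img"
    done
}

# Constructed sample; on a live cluster feed scan_images from:
#   kubectl get pods --all-namespaces \
#     -o=jsonpath='{range .items[*]}{.spec.containers[*].image}{"\n"}{end}'
SAMPLE='registry.example:5000/openmetadata/server:1.2.4
openmetadata/server:1.3.1 busybox:1.36
openmetadata/server'
printf '%s\n' "$SAMPLE" | scan_images
```

Images reported as `unknown` (untagged, `latest`, or digest-pinned) need a manual check of the deployed version, and any `vulnerable` workload that was internet-exposed should also be reviewed for signs of prior compromise, not only upgraded.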