VMware makes Workstation and Fusion free for everyone

November 11, 2024 at 06:05PM VMware has made its Fusion and Workstation desktop hypervisors free for all users, retiring the paid subscription model. While users retain full features, support ticketing is discontinued. Broadcom plans ongoing development and updates. Current commercial contracts remain valid until expiration, ensuring continued service and support for those agreements.

Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk

October 17, 2024 at 02:48AM A critical security flaw (CVE-2024-9486) in Kubernetes Image Builder could allow root access due to default credentials during image builds. The flaw is addressed in version 0.1.38, and users are advised to disable affected accounts and rebuild images. Related vulnerabilities in Microsoft and Apache Solr were also disclosed and patched.

Critical default credential bug in Kubernetes Image Builder allows SSH root access

October 16, 2024 at 06:02PM A critical bug in Kubernetes Image Builder (CVE-2024-9486) allows unauthorized SSH access to VMs due to default credentials. It poses the highest risk to Proxmox provider images, earning a CVSS of 9.8. Users should upgrade to Image Builder v0.1.38 or later to mitigate this vulnerability.

Critical Kubernetes Image Builder flaw gives SSH root access to VMs

October 16, 2024 at 12:59PM A critical Kubernetes vulnerability, CVE-2024-9486, permits unauthorized SSH access to VM images built with the Image Builder project (version 0.1.37 or earlier) due to default credentials. Users are advised to upgrade to version 0.1.38 or temporarily disable the builder account. Similar issues exist for other providers, tracked as CVE-2024-9594.

Kubernetes Container Isolation Startup Edera Raises $5 Million

September 20, 2024 at 08:03AM Startup Edera raised $5M in seed funding led by 645 Ventures and Eniac Ventures, with additional support from FPV Ventures, Generationship, Precursor Ventures, Rosecliff Ventures, and angel investors. The Seattle-based company provides secure isolation solutions for Kubernetes and AI workloads, aiming to prevent known and unknown vulnerabilities while expanding its …

Cryptojacking Campaign Targets Misconfigured Kubernetes Clusters

June 12, 2024 at 10:09AM Cybersecurity researchers have uncovered an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. The threat actors abused anonymous access to launch malicious container images containing a DERO miner. The attack involves targeting externally accessible Kubernetes API servers and uses obfuscation techniques to resist analysis. The attacker’s tactics …

Codezero Raises $3.5 Million for DevOps Security Solution

March 15, 2024 at 11:45AM Codezero, a startup specializing in secure enterprise microservices development, has secured $3.5 million in seed funding led by Ballistic Ventures and angel investors. Based in Vancouver, the company aims to streamline Kubernetes software development workflows, offering a product called Teamspaces that creates an ephemeral environment similar to production and allows …

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover

March 14, 2024 at 08:51AM A high-severity flaw in Kubernetes, CVE-2023-5528, allowed attackers to execute code with SYSTEM privileges on Windows endpoints. Exploiting a loophole involving local volumes, an attacker could inject commands to achieve remote code execution. The flaw impacted kubelet versions 1.8.0 and later and was patched in updates released on November 14, …