#KubernetesExploits

OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining  

by

April 19, 2024 at 05:57AM Cybercriminals are exploiting critical OpenMetadata vulnerabilities to access Kubernetes environments and deploy cryptocurrency mining malware, Microsoft warned. Five vulnerabilities, including an authentication bypass and high-severity issues, have been identified. Threat actors target internet-exposed Kubernetes workloads of OpenMetadata, achieve code execution, and download cryptomining-related malware. Microsoft advises updating OpenMetadata to version … Read more

Active Kubernetes RCE Attack Relies on Known OpenMetadata Vulns

by

April 17, 2024 at 03:31PM OpenMetadata’s open source metadata repository has been actively exploited since April, allowing threat actors to execute cyberattacks against unpatched Kubernetes clusters. Researchers identified five vulnerabilities affecting versions preceding v1.3.1. Cybercriminals are leveraging these vulnerabilities for cryptocurrency mining and may engage in further malicious activities. OpenMetadata administrators are urged to update … Read more