#OpenMetadata

Hackers Exploit OpenMetadata Flaws to Mine Crypto on Kubernetes

April 18, 2024 by Xynik

April 18, 2024 at 02:15AM Microsoft Threat Intelligence team has observed threat actors exploiting vulnerabilities in the OpenMetadata platform to access Kubernetes workloads for cryptocurrency mining. These flaws, discovered by Alvaro Muñoz, enable authentication bypass and code execution. Threat actors conduct reconnaissance activities, establish command-and-control communications, and deploy crypto-mining malware. Users are urged to update … Read more

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks

April 17, 2024 by Xynik

April 17, 2024 at 05:07PM Attackers are actively targeting Kubernetes OpenMetadata workloads by exploiting multiple security vulnerabilities (CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, and CVE-2024-28254), which were patched on March 15 in OpenMetadata versions 1.2.4 and 1.3.1. Microsoft reports that the attackers download cryptomining-related malware from a remote server, gaining remote access and establishing persistent control. Admins … Read more