Google Kubernetes Flaw Let Any Google User Control the Cluster

25 January 2024

Researchers have discovered a new loophole in Google Kubernetes Engine (GKE), which threat actors can utilize with a Google account to take over the misconfigured Kubernetes Cluster. Threat actors can further use these compromised clusters for crypto mining, DoS (denial of service), and data theft. This loophole is dubbed “Sys:all” and affects more than 250,000 active GKE clusters, hundreds of them containing sensitive information.

Source: GBHackers

Date:

25 January 2024

Categorie(s):

NEWS

Tag(s):

Clusters, Cyber Security News, Flaws, Let, Security Pro

Triangulation fraud: The costly scam hitting online retailers30 April 2024
Tracecat: Open-source SOAR30 April 2024
Why the automotive sector is a target for email-based cyber attacks30 April 2024
Passwords under seven characters can be easily cracked30 April 2024
Security analysts believe more than half of tasks could be automated30 April 2024