Malware campaign targets Kubernetes clusters

Microsoft’s cybersecurity researchers have revealed it spotted an uptick in the deployment of the Kinsing malware (opens in new tab) on Linux servers.  As per the company’s report (opens in new tab), the attackers are leveraging Log4Shell and Atlassian Confluence RCE weaknesses in container images and misconfigured, exposed PostgreSQL containers to install cryptominers on vulnerable endpoints. Microsoft’s Defender for Cloud team said hackers were going through these apps in search of exploitable flaws:PHPUnitLiferayOracle WebLogicWordPressAs for the flaws themselves, they were looking to leverage CVE-2020-14882, CVE-2020-14750, and CVE-2020-14883 – RCE flaws in Oracle’s solutions.

Read more