#kubernetes

Cybersecurity researchers have warned of an ongoing cryptojacking campaign targeting misconfigured Kubernetes clusters to mine Dero cryptocurrency. Cloud security firm Wiz, which shed light on the activity, said it's an updated variant of a financially motivated operation that was first documented by CrowdStrike in March 2023. "In this incident, the threat actor abused anonymous access to an

In my first article, Part I: Like a Rainbow In The Dark, I described which problems distributed tracing can help you solve. I also provided some strategies for adopting this observability superpower without getting overwhelmed. As you continue down that path, though, there are some myths that need to be busted, and complex concepts demystified.Let's start with a common phrase that sounds good at first but ultimately isn't useful. This statement can both come from the engineering trenches or whoever is calling the shots: “I want great observability without touching a line of code”.That’s

Red Hat Security Advisory 2024-3349-03 - Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-3351-03 - Red Hat OpenShift Container Platform release 4.12.58 is now available with updates to packages and images that fix several bugs and add enhancements.

Red Hat Security Advisory 2024-3331-03 - Red Hat OpenShift Container Platform release 4.14.27 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2024-3327-03 - Red Hat OpenShift Container Platform release 4.15.15 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2024-2875-03 - Red Hat OpenShift Container Platform release 4.13.42 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include HTTP request smuggling and denial of service vulnerabilities.

Red Hat Security Advisory 2024-2869-03 - Red Hat OpenShift Container Platform release 4.14.26 is now available with updates to packages and images that fix several bugs and add enhancements.

### Summary By default, the Redis database server is not password-protected. Consequently, an attacker with access to the Redis server can gain read/write access to the data in Redis. The attacker can also modify the "mfst" (manifest) key to cause ArgoCD to execute any deployment, potentially leveraging ArgoCD's high privileges to take over the cluster. Updating the "cacheEntryHash" in the manifest JSON is necessary, but since it doesn't use a private key for signing its integrity, a simple script can generate a new FNV64a hash matching the new manifest values. The repo-server, unable to verify if its cache is compromised, will read the altered "mfst" key and initiate an update process for the injected deployment. It's also possible to edit the "app|resources-tree" key, causing the ArgoCD server to load any Kubernetes resource into the live manifest section of the app preview. This could lead to an information leak. The fact that the cache in Redis is neither signed nor validated, co...

A security issue was discovered in azure-file-csi-driver where an actor with access to the driver logs could observe service account tokens. These tokens could then potentially be exchanged with external cloud providers to access secrets stored in cloud vault solutions. Tokens are only logged when TokenRequests is configured in the CSIDriver object and the driver is set to run at log level 2 or greater via the -v flag.