The Cyber Security News

Kinsing Cryptojacking Hits Kubernetes Clusters via Misconfigured PostgreSQL

January 9, 2023

The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments.

A second initial access vector entails the use of vulnerable images, Sunders Bruskin, security researcher at Microsoft Defender for Cloud, said in a report last week.

Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software.

The threat actor, in the past, has also been found employing a rootkit to hide its presence, in addition to terminating and uninstalling competing resource-intensive services and processes.

Now, according to Microsoft, misconfigurations in PostgreSQL servers have been co-opted by the Kinsing actor to gain an initial foothold, with the company observing a “massive volume of clusters” infected in this way.

The misconfiguration relates to a trust authentication setting, which could be abused to connect to the servers without any authentication and achieve code execution should the option be set up to accept connections from any IP address.

“In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat,” Bruskin explained.
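
The trust-authentication check described above, as an added example that is not part of the original article or of Microsoft's report: a small Python audit of pg_hba.conf (the file that holds PostgreSQL's host-based authentication rules) that flags trust rules reachable from non-loopback addresses. The sample configuration, the severity labels and the function names are constructed for illustration; quoted fields and include directives are not handled.

```python
import ipaddress

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

# Constructed sample pg_hba.conf, not taken from any real cluster.
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS             METHOD
local   all       all                       peer
host    all       all   127.0.0.1/32        trust
host    all       all   0.0.0.0/0           trust
host    all       all   all                 trust
host    app       app   10.0.0.0 255.0.0.0  trust
host    all       all   ::/0                scram-sha-256
"""

def parse_rule(line):
    """Return (address, method) for a network rule, or None for anything else."""
    fields = line.split("#", 1)[0].split()
    if len(fields) < 5 or fields[0] not in HOST_TYPES:
        return None  # blank line, comment, or 'local' (Unix socket) rule
    addr, method = fields[3], fields[4]
    try:
        if "/" in addr:
            net = ipaddress.ip_network(addr, strict=False)
        else:
            # Legacy form: netmask in its own column, method shifts right.
            net = ipaddress.ip_network(f"{addr}/{fields[4]}", strict=False)
            method = fields[5]
    except (ValueError, IndexError):
        net = addr  # keyword (all, samehost, samenet) or a host name
    return net, method

def audit(text):
    """List (line number, severity, rule) for network-reachable trust rules."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule is None or rule[1] != "trust":
            continue
        net = rule[0]
        if isinstance(net, str):
            severity = "CRITICAL" if net == "all" else "REVIEW"
        elif net.is_loopback:
            continue  # passwordless, but only from the server itself
        else:
            severity = "CRITICAL" if net.prefixlen == 0 else "WARN"
        findings.append((lineno, severity, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, severity, rule in audit(SAMPLE):
        print(f"line {lineno}: {severity}: {rule}")
```

Rules flagged CRITICAL accept unauthenticated connections from any IP address, which is the condition the report describes; replacing trust with a password-based method such as scram-sha-256 and narrowing the address range removes the finding.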

The alternative attack vector targets servers with vulnerable versions of PHPUnit, Liferay, WebLogic, and WordPress that are susceptible to remote code execution in order to run malicious payloads.

What's more, a recent “widespread campaign” involved the attackers scanning for open default WebLogic port 7001, and if found, executing a shell command to launch the malware.

“Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources,” Bruskin said. “In addition, attackers can gain access to the cluster by taking advantage of known vulnerabilities in images.”

Some parts of this article are sourced from:
thehackernews.com
