Found 3 bookmarks
Custom sorting
What a Cluster: Local Volumes Vulnerability in Kubernetes
What a Cluster: Local Volumes Vulnerability in Kubernetes
  • Akamai security researcher Tomer Peled recently discovered a high-severity vulnerability in Kubernetes that was assigned CVE-2023-5528 with a CVSS score of 7.2. The vulnerability allows remote code execution with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster. To exploit this vulnerability, the attacker needs to apply malicious YAML files on the cluster. This vulnerability can lead to full takeover on all Windows nodes in a cluster. This vulnerability can be exploited on default installations of Kubernetes (earlier than version 1.28.4), and was tested against both on-prem deployments and Azure Kubernetes Service. In this blog post, we provide a proof-of-concept YAML file as well as an Open Policy Agent (OPA) rule for blocking this vulnerability.
#akamai#EN#2024#CVE-2023-5528#Kubernetes#Windows#vulnerability
·akamai.com·
What a Cluster: Local Volumes Vulnerability in Kubernetes
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai
The time for attackers to respond to known vulnerabilities is shrinking. See an example of an attacker using sample code. * The Akamai Security Intelligence Group (SIG) has been analyzing attack attempt activity following the announcement of a critical vulnerability in a WordPress custom fields plug-in affecting more than 2 million sites. * Exploiting this vulnerability could lead to a reflected cross-site scripting (XSS) attack, in which malicious code is injected into a victim site and pushed to its visitors. * On May 4, 2023, the WP Engine team announced the security fix in version 6.1.6, including sample exploit code as a proof of concept (PoC). * Starting on May 6, less than 48 hours after the announcement, the SIG observed significant attack attempt activity, scanning for vulnerable sites using the sample code provided in the technical write-up. * This highlights that the response time for attackers is rapidly decreasing, increasing the need for vigorous and prompt patch management.
#akamai#EN#2023#XSS#vulnerability#WordPress#plugin#third-party-risk#CVE-2023-30777
·akamai.com·
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai