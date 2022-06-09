Security Leftovers
#StopRansomware: MedusaLocker [Ed: Should stop Windows then, as that's by far the biggest ransomware magnet]
CISA, the Federal Bureau of Investigation (FBI), the Department of the Treasury (Treasury), and the Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory (CSA), #StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target vulnerabilities in Remote Desktop Protocol (RDP) to access victims’ networks. Note: this joint #StopRansomware CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.
Nearly a Million Kubernetes Instances Exposed on Internet
Cybersecurity researchers have found more than 900,000 instances of Kubernetes consoles exposed on the internet.
Kubernetes is a very popular container orchestration system. The name comes from the Greek word for “helmsman.” The term “K8s” or “K-eights” is also used to refer to this technology.
Many organizations manage their applications with Kubernetes using self-contained units called “pods,” which share common resources with other units without being aware of each other. For example, “npm start” or “go run” processes can be managed in pods and share some CPU and RAM.
K8s is helpful to deploy, manage, and scale containers, which often consist of micro-services and their configuration files. When the workload increases or decreases, Kubernetes can handle the situation automatically.
As a result, an important security aspect of Kubernetes is access control. Any misconfiguration can lead to unwanted disclosures and attackers could even use them to escape containers and escalate privileges. Besides, Kubernetes provides APIs, CLI commands, and user interfaces that could be attractive for hackers.
Cyble explained its scan “does not necessarily imply that all exposed instances are vulnerable to attacks or will lead to the loss of sensitive data,” but “emphasizes the existence of seemingly simple misconfiguration practices that might make companies lucrative targets for TAs in the future.”
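Cyble's caveat that an exposed console is not necessarily an exploitable one is the practical point: what matters is what the API server lets an unauthenticated client do. The script below is an added example, not code from the page or from Cyble, that triages exposed API servers from the reply to an anonymous GET /api. It relies on documented kube-apiserver behaviour (401 plain "Unauthorized" when --anonymous-auth=false; a v1 Status object with reason "Forbidden" when anonymous auth is on but RBAC denies; a v1 APIVersions object when RBAC grants the request). The hostnames and response bodies are constructed samples, not scan data.

```python
"""Triage Internet-exposed Kubernetes API servers by what an anonymous
client gets back from GET /api. Added example; sample data is constructed."""
import json

# Exposure classes, from most to least worrying.
OPEN = "anonymous-read-allowed"                # RBAC grants system:unauthenticated API reads
RBAC_DENIES = "anonymous-allowed-rbac-denies"  # request is authenticated as system:anonymous, then denied
AUTH_OFF = "anonymous-auth-disabled"           # API reachable, but anonymous requests are rejected outright
UNKNOWN = "unknown"                            # reply does not look like kube-apiserver at all

SEVERITY = {OPEN: 3, RBAC_DENIES: 2, AUTH_OFF: 1, UNKNOWN: 0}


def _parse_json(body):
    """Return the body as a dict, or None if it is not a JSON object."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return None
    return data if isinstance(data, dict) else None


def classify_anonymous_response(status_code, body):
    """Map the reply to an anonymous GET /api onto an exposure class."""
    if status_code == 401:
        # --anonymous-auth=false: the server refuses to treat the request as system:anonymous.
        return AUTH_OFF
    data = _parse_json(body)
    if status_code == 403:
        # Anonymous auth is enabled; the request was authenticated and then denied by RBAC.
        if data and data.get("kind") == "Status" and data.get("reason") == "Forbidden":
            return RBAC_DENIES
        return UNKNOWN
    if status_code == 200:
        # Anonymous auth enabled AND a RoleBinding grants the unauthenticated group API reads.
        if data and data.get("kind") == "APIVersions":
            return OPEN
        return UNKNOWN
    return UNKNOWN


def triage(observations):
    """Rank hosts by exposure class. observations = [(host, status_code, body), ...]."""
    rows = [(host, classify_anonymous_response(code, body)) for host, code, body in observations]
    return sorted(rows, key=lambda row: SEVERITY[row[1]], reverse=True)


# Constructed sample replies in the shapes kube-apiserver produces; hostnames are placeholders.
FORBIDDEN_BODY = json.dumps({
    "kind": "Status", "apiVersion": "v1", "metadata": {}, "status": "Failure",
    "message": 'forbidden: User "system:anonymous" cannot get path "/api"',
    "reason": "Forbidden", "details": {}, "code": 403,
})
APIVERSIONS_BODY = json.dumps({
    "kind": "APIVersions", "versions": ["v1"],
    "serverAddressByClientCIDRs": [{"clientCIDR": "0.0.0.0/0", "serverAddress": "10.0.0.1:6443"}],
})
SAMPLE_OBSERVATIONS = [
    ("k8s-a.example", 403, FORBIDDEN_BODY),
    ("k8s-b.example", 200, APIVERSIONS_BODY),
    ("k8s-c.example", 401, "Unauthorized"),
    ("k8s-d.example", 200, "<html>some other service on 6443</html>"),
]

if __name__ == "__main__":
    for host, label in triage(SAMPLE_OBSERVATIONS):
        print(f"{host:16} {label}")
```

Probe /api rather than /version: the default RBAC binding for system:public-info-viewer lets the unauthenticated group read /version, /healthz, /livez and /readyz, so a 200 there is normal and says nothing about misconfiguration. A 200 on /api, or any 403 (which already proves anonymous authentication is enabled), is what to chase.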
Hacking Linux is Easy with PwnKit [Ed: This is patched, unlike the dozens of Microsoft actively-exploited vulnerabilities that are not even patched; selective media slant]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added PwnKit as a high-severity Linux vulnerability to its list of actively exploited bugs.
Recorded as CVE-2021-4034, with a CVSS score of 7.8/10, PwnKit was discovered by Qualys in November 2021 and can be used by hackers to gain full root control over major Linux distributions.
A New, Remarkably Sophisticated Malware Is Attacking Routers | WIRED
An unusually advanced hacking group has spent almost two years infecting a wide range of routers in North America and Europe with malware that takes full control of connected devices running Windows, macOS, and Linux, researchers reported on June 28.
ZuoRAT Malware Is Targeting Routers
