Kubernetes clusters compromised by Kinsing malware

BleepingComputer reports that Kubernetes clusters are being compromised by the Kinsing malware through container image vulnerabilities and misconfigured PostgreSQL containers. Attackers using Kinsing have been searching for remote code execution bugs in WordPress, PHPUnit, Liferay, and Oracle WebLogic to achieve initial access, according to a report from Microsoft's Defender for Cloud team. "Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers. Attacks start with scanning of a wide range of IP addresses, looking for an open port that matches the WebLogic default port (7001)," said the report. Kinsing has also been targeting PostgreSQL server misconfigurations, especially the "trust authentication" setting. Address Resolution Protocol poisoning risk remains high despite strict IP access configuration, said Microsoft, which also urged security teams to consult PostgreSQL's security recommendations page and implement proposed security measures in an effort to avert potential misconfiguration concerns. Defender for Cloud could also be leveraged to detect PostgreSQL container misconfigurations, Microsoft added.
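One way to check a PostgreSQL container for the "trust authentication" setting mentioned above is to audit its `pg_hba.conf` for rules that use the `trust` method. The following is an added example, not code from Microsoft's report or from this article; the sample file is constructed, and the "warning"/"critical" labels are this example's own assumption (loopback and Unix-socket `trust` rules are rated lower than network-reachable ones, though inside a pod any co-located process can still use them).

```python
import ipaddress
import shlex

RECORD_TYPES = {"local", "host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _loopback_only(address, mask=None):
    """True only if the address field is an IP range wholly inside loopback."""
    try:
        net = ipaddress.ip_network(f"{address}/{mask}" if mask else address, strict=False)
    except ValueError:
        return False  # "all", "samenet", hostnames: assume reachable from the network
    return net.is_loopback

def audit_pg_hba(text):
    """Return (line_no, severity, record) for every rule that uses 'trust'."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if not fields or fields[0] not in RECORD_TYPES:
            continue
        rest = fields[3:] + ["", ""]  # fields after TYPE DATABASE USER, padded
        if fields[0] == "local":  # Unix-socket rule: no address column
            address, mask, method = None, None, rest[0]
        elif _is_ip(rest[1]):  # "IP-address IP-mask method" form
            address, mask, method = rest[0], rest[1], rest[2]
        else:  # CIDR, hostname or keyword address
            address, mask, method = rest[0], None, rest[1]
        if method != "trust":
            continue
        local_only = address is None or _loopback_only(address, mask)
        findings.append((line_no, "warning" if local_only else "critical", raw.strip()))
    return findings

# Constructed sample, not taken from any real deployment.
SAMPLE = """\
# TYPE  DATABASE  USER    ADDRESS             METHOD
local   all       postgres                    peer
local   all       all                         trust
host    all       all     127.0.0.1/32        trust
host    all       all     0.0.0.0/0           trust
host    all       all     10.0.0.0 255.0.0.0  trust
hostssl app       app_rw  10.244.0.0/16       scram-sha-256
host    all       all     all                 md5
"""

if __name__ == "__main__":
    for finding in audit_pg_hba(SAMPLE):
        print(*finding, sep="\t")
```

The audit reads only the file passed to it; `include` directives and the effective order of rule matching are not evaluated.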
