BleepingComputer reports that Kubernetes clusters are being compromised by the Kinsing malware through container image vulnerabilities and misconfigured PostgreSQL containers.
Attackers using Kinsing have been searching for remote code execution bugs in WordPress, PHPUnit, Liferay, and Oracle WebLogic to achieve initial access, according to a report from Microsoft's Defender for Cloud team.
"Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers. Attacks start with scanning of a wide range of IP addresses, looking for an open port that matches the WebLogic default port (7001)," said the report.
Kinsing has also been targeting PostgreSQL server misconfigurations, especially the "trust authentication" setting.
Microsoft said the risk of Address Resolution Protocol (ARP) poisoning remains high even with strict IP access configuration, and urged security teams to consult PostgreSQL's security recommendations page and implement the proposed security measures to avoid misconfiguration.
Defender for Cloud could also be leveraged to detect PostgreSQL container misconfigurations, Microsoft added.
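As an added example (not part of Microsoft's report or the original article), the following Python sketch audits a `pg_hba.conf` for rules that use the "trust" method and classifies how far each one is reachable. The sample configuration is constructed, the function names are hypothetical, and the parser assumes unquoted fields with no include directives.

```python
import ipaddress
# Constructed sample pg_hba.conf, not taken from any real system.
SAMPLE_PG_HBA = """\
local   all       postgres                        peer
host    all       all     127.0.0.1/32            trust
host    all       all     0.0.0.0/0               trust  # constructed: any address
host    app       app_rw  10.0.0.0/8              scram-sha-256
host    all       all     10.244.0.0 255.255.0.0  trust
hostssl all       all     all                     trust
"""
HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_rule(line):
    """Return (type, address, method); None for blanks, comments, other lines."""
    f = line.split("#", 1)[0].split()
    if len(f) >= 4 and f[0] == "local":
        return f[0], None, f[3]
    if len(f) >= 5 and f[0] in HOST_TYPES:
        if len(f) >= 6 and _is_ip(f[4]):      # older "IP MASK METHOD" form
            return f[0], f"{f[3]}/{f[4]}", f[5]
        return f[0], f[3], f[4]

def exposure(conn_type, address):
    if conn_type == "local":
        return "local-socket"                 # any local OS user can connect
    try:
        net = ipaddress.ip_network(address, strict=False)
    except ValueError:
        return "network"                      # "all", "samenet", hostnames: assume remote
    return "loopback" if net.is_loopback else "network"

def audit_trust_rules(text):
    """List (line number, exposure, rule text) for every rule using method trust."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_rule(line)
        if rule and rule[2] == "trust":
            findings.append((lineno, exposure(rule[0], rule[1]), line.strip()))
    return findings

if __name__ == "__main__":
    print(*audit_trust_rules(SAMPLE_PG_HBA), sep="\n")
```

Rules reported as "network" accept connections without a password from other hosts and are the ones to replace with a password-based method such as `scram-sha-256`.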
The Los Angeles International Airport had a database containing 2.5 million records exposed by IntelBroker following a cyberattack against one of its customer relationship management systems conducted this month, reports Hackread.