Security News > 2023 > January > Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL

The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers.
"Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers," reads a report by Microsoft security researcher Sunders Bruskin.
Attacking PostgreSQL. The second initial attack pathway that Microsoft's security experts observed was an uptick in the targeting of misconfigured PostgreSQL servers.
Even if the IP access configuration is strict, Microsoft says Kubernetes is still prone to ARP poisoning, so attackers could spoof apps in the cluster to gain access.
Finally, Microsoft says Defender for Cloud can detect permissive settings and misconfigurations on PostgreSQL containers and help administrators mitigate the risks before hackers leverage them.
For PostgreSQL admins whose servers become infected with Kinsing, BigBinary's Sreeram Venkitesh wrote an article on how the malware infected their device and how they finally removed it.
News URL
Related news
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (source)
- Microsoft admits GitHub hosted malware that infected almost a million devices (source)
- Microsoft: New RAT malware used for crypto theft, reconnaissance (source)
- Microsoft Trust Signing service abused to code-sign malware (source)
- Microsoft Trusted Signing service abused to code-sign malware (source)
- New Android malware uses Microsoft’s .NET MAUI to evade detection (source)
- Android Malware Exploits a Microsoft-Related Security Blind Spot to Avoid Detection (source)
- Microsoft Warns of Tax-Themed Email Attacks Using PDFs and QR Codes to Deliver Malware (source)
- Fake Microsoft Office add-in tools push malware via SourceForge (source)