Security News

The value of running stateful applications on Kubernetes
2022-03-22 04:30

A survey by ionir shows that 60% of respondents are running stateful applications on Kubernetes, and of those who aren't already, 50% plan to do so in the next 12 months. The primary benefit of running stateful applications on Kubernetes, according to respondents, is that they are critical to business success and their journey toward digital transformation.

Kubernetes showing vulnerabilities against ransomware attacks
2022-03-21 20:06

New research from Veritas Technologies detailing the inherent security risks associated with Kubernetes has been published, and some of the findings are concerning for those employing the containerized system.

How prepared are organizations to face a ransomware attack on Kubernetes?
2022-03-18 06:00

Kubernetes is being rapidly deployed into mission-critical environments in organizations around the world, the research showed, with 86% of organizations expecting to deploy the technology in the next two to three years, and one-third already relying on it today. The research, which gathered the opinions of 1,100 senior IT decision makers globally, found that 48% of organizations that have deployed Kubernetes have already experienced a ransomware attack on their containerized environments, while a staggering 89% of respondents said that ransomware attacks on Kubernetes environments are an issue for their organizations today.

New Vulnerability in CRI-O Engine Lets Attackers Escape Kubernetes Containers
2022-03-17 05:33

A newly disclosed security vulnerability in the Kubernetes container engine CRI-O called cr8escape could be exploited by an attacker to break out of containers and obtain root access to the host. A lightweight alternative to Docker, CRI-O is a container runtime implementation of the Kubernetes Container Runtime Interface that's used to pull container images from registries and launch an Open Container Initiative-compatible runtime such as runC to spawn and run container processes.

Google almost doubles Linux Kernel, Kubernetes zero-day rewards
2022-02-15 20:38

Google says it bumped up rewards for reports of Linux Kernel, Kubernetes, Google Kubernetes Engine, or kCTF vulnerabilities by adding bigger bonuses for zero-day bugs and exploits using unique exploitation techniques. "We increased our rewards because we recognized that in order to attract the attention of the community we needed to match our rewards to their expectations," Google Vulnerability Matchmaker Eduardo Vela explained.

New Argo CD Bug Could Let Hackers Steal Secret Info from Kubernetes Apps
2022-02-06 19:30

Users of the Argo continuous deployment tool for Kubernetes are being urged to push through updates after a zero-day vulnerability was found that could allow an attacker to extract sensitive information such as passwords and API keys. The path-traversal vulnerability "Allows malicious actors to load a Kubernetes Helm Chart YAML file to the vulnerability and 'hop' from their application ecosystem to other applications' data outside of the user's scope," Moshe Zioni, Apiiro's VP of security research, said.

Argo CD Security Bug Opens Kubernetes Cloud Apps to Attackers
2022-02-04 18:26

A high-severity security vulnerability in Argo CD can enable attackers to access targets' application-development environments, paving the way for stealing passwords, API keys, tokens and other sensitive information. Argo CD is a continuous-delivery platform deployed as a Kubernetes controller in the cloud, and it's used to deploy applications, then continuously monitor them in real time as they run.

Argo CD vulnerability leaks sensitive info from Kubernetes apps
2022-02-04 15:43

A vulnerability in Argo CD, used by thousands of orgs for deploying applications to Kubernetes, can be leveraged in attacks to disclose sensitive information such as passwords and API keys. Threat actors can exploit the vulnerability by loading a malicious Kubernetes Helm Chart YAML file onto the target system, allowing the extraction of sensitive information from other applications.

Open-source Kubernetes tool Argo CD has a high-severity path traversal flaw: Patch now
2022-02-04 15:22

A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart. The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes.

Linux kernel bug can let hackers escape Kubernetes containers
2022-01-25 16:56

A vulnerability affecting the Linux kernel and tracked as CVE-2022-0185 can be used to escape containers in Kubernetes, giving access to resources on the host system. CVE-2022-0185 is a heap-based buffer overflow vulnerability in the "File System Context" Linux kernel component that can lead to an out-of-bounds write, denial of service, and arbitrary code execution.