Kubernetes Security: Sensitive Secrets Exposed

Cybersecurity researchers are warning of Kubernetes security issues amid the exposure of configuration secrets.
Researchers believe that such attacks could be orchestrated using Kubernetes secrets exposed in public repositories as they allow access to the Software Development Life Cycle.
It's worth mentioning that these exposed secrets are essential for managing sensitive data within an open-source environment used for container orchestration.
These secrets are stored in the application programming interface datastore without being encrypted, making them vulnerable to cyber threats in container orchestration.
Securing sensitive data in Kubernetes is essential as it has severe implications for organizations impacted if a vulnerability is exploited.
Researchers at Aqua have stated that they focused on two types of Kubernetes secrets: dockercfg and dockerconfigjson.
Container security measures for both these security measures are essential as they store credentials used for accessing external repositories.
The team of researchers used GitHub's API to identify instances where such secrets were uploaded to public repositories.
These refined protocols yielded 438 records that contained login credentials.
Out of these records, 203 contained credentials that actually led to access to the respective repositories.
It's worth mentioning that just 93 of the credentials were set by individuals, while the other 345 appeared to be computer-generated.
Provided below is a breakdown of the registries and credentials that were exposed.
It's worth noting that credentials for GCR and AWS had expiration dates rendering them useless after they had been exposed.
These secrets enable both push and pull privilege and if exploited, are likely to impact highly popular projects and cryptocurrencies.
The docker hub credentials that were discovered granted full access to the accounts.
With diverse cyber threats on the rise, adapting rise mitigation strategies for Kubernetes security is now essential for organizations worldwide.
Using expiration dates on secrets, tokens, and credentials to ensure that they don't stay usable for a period longer than what they are needed for.
Exposed Kubernetes secrets have put the organization at risk.
Researchers have, to date, identified that out of the 438 exposed credentials, 203 were actually valid.
These credentials could be used for push and pull privilege, leaking code, and executing data breaches.


This Cyber News was published on securityboulevard.com. Publication date: Wed, 06 Dec 2023 08:43:05 +0000


Cyber News related to Kubernetes Security: Sensitive Secrets Exposed

You Don't Know Where Your Secrets Are - Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, ...
1 year ago Thehackernews.com
Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
11 months ago Securityboulevard.com
Auditing Kubernetes with Open Source SIEM and XDR - Container technology has gained traction among businesses due to the increased efficiency it provides. In this regard, organizations widely use Kubernetes for deploying, scaling, and managing containerized applications. Organizations should audit ...
1 year ago Thehackernews.com
Rootkit Turns Kubernetes from Orchestration to Subversion - As software development focuses on continuous integration and deployment, orchestration platforms like Kubernetes have taken off, but that popularity has put them in attackers' crosshairs. Most successful attacks - at least those publicly reported - ...
1 year ago Darkreading.com
Kubernetes Security: Sensitive Secrets Exposed - Cybersecurity researchers are warning of Kubernetes security issues amid the exposure of configuration secrets. Researchers believe that such attacks could be orchestrated using Kubernetes secrets exposed in public repositories as they allow access ...
11 months ago Securityboulevard.com
Protecting against new Kubernetes threats in 2024 and beyond - A wave of new attacks targeted Kubernetes in 2023: Dero and Monero crypto miners, Scarleteel and RBAC-Buster. Finding an initial foothold with a web app vulnerability, then moving laterally is the hallmark of a Kubernetes attack. Understanding the ...
11 months ago Venturebeat.com
Over 12 million auth secrets and keys leaked on GitHub in 2023 - GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. The exposed secrets include account passwords, API keys, ...
8 months ago Bleepingcomputer.com
XM Cyber Launches Kubernetes Exposure Management to Intelligently Protect Critical Container Environments - PRESS RELEASE. HERZLIYA, Israel, Nov. 29, 2023 /PRNewswire/ - XM Cyber, the leader in hybrid cloud exposure management, today announced new capabilities that provide complete and continuous visibility into risks and vulnerabilities in Kubernetes ...
1 year ago Darkreading.com
Entro Security Newest Competitor in 2024 'ASTORS' Awards Program - Secrets management and monitoring are crucial components of any security program. Entro is a holistic secret security platform designed specifically for security teams and CISOs. To ensure that doesn't happen, Entro offers an exclusive secrets ...
11 months ago Americansecuritytoday.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Privileged Access Management for DevOps - Recently, KuppingerCole released the first edition of its Leadership Compass for Privileged Access Management for DevOps. The KuppingerCole report recognizes the unique and complex challenges that exist in DevOps and other dynamic environments. The ...
1 year ago Beyondtrust.com
Honeytokens for Peace Of Mind - If you have been tackling the realities of secrets sprawl, getting a handle on all the hardcoded credentials in your organization, then we understand the stress and the restless nights that can bring. Even a small team can add hundreds of secrets a ...
10 months ago Feeds.dzone.com
Kubernetes Vulnerability Let Attackers Take Full System Control - A new vulnerability, CVE-2023-5528, has been discovered with Kubernetes. This vulnerability is associated with a command injection vulnerability that leads to remote code execution with SYSTEM-level privileges on the compromised Windows node. The ...
8 months ago Gbhackers.com
The Secret Weakness Execs Are Overlooking: Non-Human Identities - By shifting our focus to secrets security and adopting a comprehensive approach that includes robust detection, automated remediation, and integration with identity systems, organizations can significantly reduce their attack surface and bolster ...
2 months ago Thehackernews.com
CVE-2024-28236 - Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like `parameters`, `image` and `entrypoint` to inject secrets into a ...
8 months ago
new detectors, your favorite features, and what's coming next in GitGuardian - GitGuardian Secrets Detection More detectors = more secrets caught. Every detector has its comprehensive ID card in the public documentation, outlining the secret type, its intended usage and scope, and detailed steps for revocation. If you haven't ...
11 months ago Securityboulevard.com
Dual Privilege Escalation Chain: Exploiting Monitoring and Service Mesh Configurations and Privileges in GKE to Gain Unauthorized Access in Kubernetes - While each issue might not result in significant damage on its own, when combined they create an opportunity for an attacker who already has access to a Kubernetes cluster to escalate their privileges. If an attacker has the ability to execute in the ...
11 months ago Unit42.paloaltonetworks.com
Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes - A security bug in the widely used Kubernetes container-management system allows attackers to remotely execute code with System privileges on Windows endpoints, potentially leading to full takeover of all Windows nodes within a Kubernetes cluster. ...
8 months ago Darkreading.com
Kubernetes DaemonSet: Monitoring in Kubernetes - That's why it makes sense to collect logs from every node and send them to some sort of central location outside the Kubernetes cluster for persistence and later analysis. A DaemonSet in Kubernetes is a specific kind of workload controller that ...
1 year ago Feeds.dzone.com
5 open-source tools for pentesting Kubernetes you should check out - Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. With its ...
11 months ago Helpnetsecurity.com
The Kubernetes Cost Features You Need in 2024 - In the rapidly evolving Kubernetes ecosystem, managing costs effectively is as critical as ensuring operational efficiency. To make the most of your shift to cloud native technologies in 2024, you need a roadmap to Kubernetes cost optimization, ...
11 months ago Securityboulevard.com
Vulnerability prioritization in Kubernetes: unpacking the complexity - One particularly significant aspect to consider is vulnerability prioritization. We'll explore practical prioritization strategies tailored to Kubernetes and discuss the significance of effective vulnerability patching. A vulnerability in a pod that ...
11 months ago Securityboulevard.com
Guarding Kubernetes From the Threat Landscape - DZone - If compromised, attackers can exploit these broad permissions to manipulate deployments, introduce malicious code, gain unauthorized access to critical systems, steal sensitive data, or create backdoors for ongoing access. Part of the security ...
2 months ago Feeds.dzone.com
Helm: Simplifying Kubernetes Deployments - As a Kubernetes package manager, Helm greatly streamlines and simplifies deployment processes. In this article, we will delve deeply into Helm and explore how it facilitates the easier management of Kubernetes deployments. Templates: Helm uses ...
10 months ago Feeds.dzone.com
Multiple Flaws in Google Kubernetes Engine - Google Kubernetes Engine has been detected with two flaws that a threat actor can utilize to create significant damage in case the threat actor already has access inside the Kubernetes cluster. The first issue was associated with FluentBit with ...
11 months ago Gbhackers.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)