Kubernetes bug enables remote code execution on Windows nodes: Cyber Security.

TLDR:

A security bug in Kubernetes allows for remote code execution on Windows nodes.
Google is adding real-time phishing protection to Chrome.

A security bug has been discovered in the Kubernetes container-management system that allows attackers to remotely execute code with system privileges on Windows endpoints. This bug, tracked as CVE-2023-5528, could potentially lead to a full takeover of all Windows nodes in a Kubernetes cluster. The exploit allows manipulation of Kubernetes volumes, enabling attackers to gain remote code execution. A patch is available for vulnerable systems.

Google has announced an enhancement to Chrome’s Safe Browsing feature with real-time phishing and malware protection. This upgrade shifts the process to real-time checks against a server-side list, blocking 25% more phishing attempts by verifying sites in real-time. The update also extends to Android devices with added privacy measures to prevent tracking of user browsing activity. Sources used for these updates include Bleeping Computer and Dark Reading.

Additionally, Cybersecurity Today reports a massive cyber-attack on the French government, with attacks of unprecedented intensity targeting several departments. While the impact of the attacks has been mitigated, the attacks are ongoing, with the identity of the attackers remaining unclear. The French cybersecurity agency and government departments are working to counter the attacks. Politico provides further details on the cyber-attack.

Research conducted by the Salt Labs team identified vulnerabilities in ChatGPT plugins, posing security risks for users. Vulnerabilities included exploitable plugin installation processes, framework flaws, and open authorization redirection manipulation. OpenAI has addressed the vulnerabilities and intends to deprecate plugins in the next month, replacing them with new user-generated GPTs. Concerns remain about security and quality control for existing and future GPTs. Salt Labs notified OpenAI and relevant third parties about the vulnerabilities.

Post Views: 83

Latest from Blog

New gov’t plan to combat cyber threats

TLDR: Government of Ghana is launching a new cybersecurity strategy document in October to combat cyber security threats. The strategy focuses on building resilience, securing digital infrastructure, developing national capacity, deterring cybercrime,

Chrome users are targeted by hackers to steal Google passwords

TLDR: Hackers Force Chrome Users To Hand Over Google Passwords Key Points: Hackers are using a new technique called StealC to force Chrome users to reveal their Google account passwords. A credential-stealing

Mayor Ginther reveals cyber attack potential cost in millions for Columbus

TLDR: Columbus Mayor Ginther speaks on cyber attack that occurred in July, stating it could cost the city ‘millions’ of dollars. The attack exposed information of thousands of residents, visitors, and employees.

Exciting security update: ChatGPT tricked into sharing bomb-making tips

Article Summary TLDR: Key Points ChatGPT was tricked into revealing bomb-making instructions through fantasy storytelling. New evidence suggests Saudi officials may have helped 9/11 hijackers. Article Summary After Apple’s product launch event

Could a cyber hack derail a train? Vigilant in the night

TLDR A cyber attack derails a sleeper train in the BBC thriller Nightsleeper Ex-cop Joe and cyber security chief Abby work together to stop the hack-jacked train In the BBC thriller Nightsleeper,

Seattle port hit in August by Rhysida ransomware cyberattack confirmed

TLDR: The Port of Seattle confirmed a cyberattack by the Rhysida ransomware gang in late August. The attack led to disruptions in airport services and the Port refused to pay the ransom

Prioritize agility for post-quantum standards, say US officials

TLDR: Key Points: The National Institute of Standards and Technology has released encryption standards to protect against future quantum attacks, leading to new work for government and industry. Officials emphasize the importance

Feds focus on enhancing security of open-source software initiatives

Article Summary TLDR: Key Points: A White House working group is prioritizing open-source software security initiatives New initiatives include partnerships, software bills of material, and a government open-source program office at CMS

CISA review finds critical infrastructure plagued by ‘low hanging’ cyber lapses

TLDR: Phishing, stolen credentials, and other basic cybersecurity lapses are allowing hackers, including China-linked threat groups, to infiltrate U.S. critical infrastructure networks. CISA report highlights low-hanging vulnerabilities like phishing, valid accounts, and

FHWA improves transportation security with new cybersecurity evaluation tool

Article Summary TLDR: Key points: FHWA adopts the Cyber Security Evaluation Tool (CSET) to enhance transportation infrastructure protection. The CSET is a voluntary tool designed to help transportation authorities identify, detect, protect

Suggestions

Kubernetes bug enables remote code execution on Windows nodes: Cyber Security

TLDR:

Latest from Blog