Attackers exploiting new critical vulnerabilities on Kubernetes clusters
May 21, 2024, 11:37 a.m.
Description
Microsoft security researchers have uncovered an attack campaign exploiting recently disclosed critical vulnerabilities in the OpenMetadata platform to gain unauthorized access to Kubernetes clusters, followed by reconnaissance and the deployment of crypto-mining malware. The vulnerabilities, which affect versions before 1.3.1, allow attackers to bypass authentication and achieve remote code execution. After gaining initial access, the attackers attempt to gather information about the compromised environment, establish command-and-control, and deploy malicious payloads for cryptocurrency mining. Administrators are advised to update OpenMetadata to the latest patched version and to use security solutions such as Microsoft Defender for Cloud to detect and mitigate such threats.
Date
- Created: May 21, 2024, 11:20 a.m.
- Published: May 21, 2024, 11:20 a.m.
- Modified: May 21, 2024, 11:37 a.m.
Indicators
Attack Patterns
- T1216
- T1609
- T1086
- T1588
- T1135
- T1064
- T1070
- T1574
- T1083
- T1056
- T1190
- T1059