all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

How the Sys:All Loophole Allowed Us to Penetrate GKE Clusters in Production

Add to bookmarks
c
March 21, 2024, 5:11 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Orca Security. Written by Ofir Yakobi. Following our discovery of a critical loophole in Google Kubernetes Engine (GKE) dubbed Sys:All, we decided to conduct research into the real-world impacts of this issue. Our initial probe already revealed over a thousand vulnerable GKE clusters due to admins configuring RBAC bindings making the system:authenticated group overprivileged, which could potentially allow any Google account holder to access and control these clusters.G...

clusters critical discovery engine gke google google kubernetes engine issue kubernetes orca orca security probe production real research security vulnerable world written

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
The Path to SOC 2 Compliance for Startups 2 days, 15 hours ago | cloudsecurityalliance.org
business can challenges companies +16
Cl
Learn How to Navigate Ransomware Attacks in a Digital World 4 days, 10 hours ago | cloudsecurityalliance.org
attacks businesses computer digital +16
Cl
What are the ISO 9001 Requirements? 1 week, 1 day ago | cloudsecurityalliance.org
certification compliance context evaluation +16
Cl
What is Agile Compliance? | Continuous Monitoring for Enhanced Risk Reduction 1 week, 3 days ago | cloudsecurityalliance.org
agile amp best practices blog +32
Cl
Unlocking Trust in the Digital Age: The Power of Blockchain Technologies 1 week, 3 days ago | cloudsecurityalliance.org
age blockchain business communication +20
Cl
Level Up Your Security Strategy with Cyber Resilience 1 week, 4 days ago | cloudsecurityalliance.org
advisory barr advisory breach can +16
Cl
Mastering Least Privilege: Cutting Unused Access 1 week, 4 days ago | cloudsecurityalliance.org
access attack attack surface breaches +16
Cl
How Cybersecurity and AI Will Influence Global Elections in 2024 1 week, 4 days ago | cloudsecurityalliance.org
advocacy artificial artificial intelligence big +20
Cl
Mastering Secure DevOps with Six Key Strategies 1 week, 5 days ago | cloudsecurityalliance.org
addresses applications attacks breaches +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com