all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Kubernetes vulnerability allows RCE on Windows endpoints (CVE-2023-3676)

Add to bookmarks
Sept. 18, 2023, 11:31 a.m. | Helga Labus

Help Net Security www.helpnetsecurity.com

Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability that can be exploited by applying a malicious YAML file on the cluster. “The Kubernetes framework uses YAML files for basically everything — from configuring the Container Network Interface to pod management and even secret … More


The post …

akamai attackers cluster code command command injection control cve don't miss endpoints exploited file high hot stuff injection kubernetes malicious nodes rce researcher security update severity vulnerabilities vulnerability windows yaml

Visit resource

More from www.helpnetsecurity.com / Help Net Security

Swimlane Marketplace simplifies automation for security teams 10 hours ago | www.helpnetsecurity.com
automation beyond case future +20
Anomali introduces AI-powered Security Operations Platform 10 hours ago | www.helpnetsecurity.com
ai-powered anomali center cloud +22
Tidal Cyber unveils customizations and integrations that improve data-driven defense 11 hours ago | www.helpnetsecurity.com
adversaries critical cyber data +14
Splunk Asset and Risk Intelligence accelerates security investigations 11 hours ago | www.helpnetsecurity.com
addition asset attack businesses +24
NinjaOne platform enhancements help security teams identify potential vulnerabilities 12 hours ago | www.helpnetsecurity.com
access backup breaches can +23
BlackBasta claims Synlab attack, leaks some stolen documents 13 hours ago | www.helpnetsecurity.com
attack blackbasta claims customer +22
Proofpoint enhances email security with pre-delivery social engineering and link protection 14 hours ago | www.helpnetsecurity.com
click defense delivery detections +18
McAfee and Intel collaborate to combat deepfakes with Deepfake Detector 16 hours ago | www.helpnetsecurity.com
advanced ai-powered consumers deepfake +16
Strategies for preventing AI misuse in cybersecurity 19 hours ago | www.helpnetsecurity.com
ai models ai tools analytics artificial intelligence +25

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

IT Security Engineer

@ Timocom GmbH | Erkrath, Germany
View on infosec-jobs.com

Consultant SOC / CERT H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com

Privacy Engineer, Implementation Review

@ Meta | Menlo Park, CA | Seattle, WA
View on infosec-jobs.com

Cybersecurity Specialist (Security Engineering)

@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
View on infosec-jobs.com

SOC Analyst

@ Rubrik | Palo Alto
View on infosec-jobs.com

Consultant Tech Advisory H/F

@ Hifield | Sèvres, France
View on infosec-jobs.com
View more jobs