
Bug in Kubernetes allows remote code execution on Windows’ nodes: Cyber Security Today for Friday, March 15, 2024

Cyber Security Podcast

Podcast June 1st, 2022

Google adds real-time phishing protection to Chrome. A security bug is found in Kubernetes that allows attackers to remotely execute code on Windows nodes. The French government suffers an enormous cyber-attack, and vulnerabilities are found in ChatGPT plug-ins.

Welcome to Cybersecurity Today for Friday March 15th, 2024. I’m your host Jim Love, filling in for Howard Solomon.

Google is set to enhance Chrome’s Safe Browsing feature with real-time phishing and malware protection later this month. Safe Browsing was first introduced in 2005 and has evolved to be a useful tool to block harmful domains and social engineering attacks.

“Safe Browsing already protects more than 5 billion devices worldwide, defending against phishing, malware, unwanted software and more. In fact, Safe Browsing assesses more than 10 billion URLs and files every day, showing more than 3 million user warnings for potential threats,” according to Google’s Jasika Bawa and Jonathan Li.

An optional Enhanced Protection mode now offers AI-driven, proactive defense by conducting deeper scans of downloads. When I tried to enable it on our corporate account, it gave me a message that it was not available, but my personal Gmail enabled it, so there may be something the Google admin has to do, or maybe it’s baked into the corporate Gmail. But I’ll post a link in the show notes; I can’t see why anyone wouldn’t authorize this.

Traditionally, Safe Browsing compared sites, downloads, and extensions against a locally stored list of malicious URLs updated every 30 to 60 minutes from Google’s servers. The update shifts this process to real-time checks against a server-side list, addressing the challenge of malicious sites that appear and vanish quickly.

This upgrade is expected to block 25% more phishing attempts by verifying sites in real-time. It also extends to Android devices, employing encryption and privacy-enhancing techniques to prevent Google or anyone else from knowing which websites users visit.

A new API uses Fastly Oblivious HTTP (OHTTP) relays for added privacy, obfuscating site URLs and hiding IP addresses, again ensuring that even Google and Fastly cannot link browsing activity to user identities.

Sources used include this article from Bleeping Computer.

A security bug has been found in the Kubernetes container-management system. It allows attackers to remotely execute code with system privileges on Windows endpoints. It could potentially lead to a full takeover of all Windows nodes in a Kubernetes cluster.

This was discovered by Akamai security researcher Tomer Peled. It is tracked as CVE-2023-5528 and has a CVSS score of 7.2.

The exploit allows manipulation of Kubernetes volumes via a feature that supports sharing of data between pods in a cluster or storing data persistently outside of a pod’s lifecycle. You can read the full details in the Akamai blog post published on March 13th.

“It is very easy to exploit this vulnerability because an attacker would only need to modify a parameter and apply 3 YAML files to gain RCE over the Windows endpoints,” according to Peled as the Kubernetes framework “uses YAML files for basically everything.”

Default installations of Kubernetes earlier than version 1.28.4, for both on-prem clusters and Azure Kubernetes Service, are vulnerable. There is a patch available.

And according to Peled, the vulnerability is in the source code so even if you do not currently have Windows nodes you should still get the patch.
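One way to act on the two points above, checking every node’s kubelet version against the page’s 1.28.4 threshold and reporting Windows nodes separately from the rest, is the small inventory check below. It is an added example, not Akamai’s or the Kubernetes project’s code; the node list is constructed in the shape of `kubectl get nodes -o json`, and the `FIXED_VERSIONS` list is an assumption that should be extended with any backported fix releases named in the official Kubernetes advisory.

```python
import json
import re

# Constructed sample shaped like `kubectl get nodes -o json` output; not data from any real cluster.
SAMPLE_NODES_JSON = json.dumps({
    "items": [
        {"metadata": {"name": "win-node-1"},
         "status": {"nodeInfo": {"operatingSystem": "windows", "kubeletVersion": "v1.27.3"}}},
        {"metadata": {"name": "win-node-2"},
         "status": {"nodeInfo": {"operatingSystem": "windows", "kubeletVersion": "v1.28.4-aks-1"}}},
        {"metadata": {"name": "linux-node-1"},
         "status": {"nodeInfo": {"operatingSystem": "linux", "kubeletVersion": "v1.26.9"}}},
    ]
})

# The page gives a single threshold: default installations earlier than 1.28.4 are vulnerable.
# Assumption: if the Kubernetes advisory lists backported fixes on older minor lines,
# add them here as extra (major, minor, patch) entries so those lines are judged correctly.
FIXED_VERSIONS = [(1, 28, 4)]

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def parse_kubelet_version(text):
    """Turn a kubelet version string such as 'v1.27.3-eks-abc' into (major, minor, patch)."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised kubelet version: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_patched(version, fixed_versions=FIXED_VERSIONS):
    """True if `version` carries the fix.

    If a fixed release exists on the same minor line, compare patch numbers;
    otherwise only releases newer than every listed fix count as patched, so a
    minor line with no listed backport is treated as vulnerable (fail closed).
    """
    same_line = [f for f in fixed_versions if f[:2] == version[:2]]
    if same_line:
        return version >= min(same_line)
    return version > max(fixed_versions)


def unpatched_nodes(nodes_json, fixed_versions=FIXED_VERSIONS):
    """Split unpatched nodes into Windows nodes (exposed to the RCE) and the rest,
    which the page says should still be patched because the flaw is in shared source."""
    report = {"windows": [], "other": []}
    for node in json.loads(nodes_json)["items"]:
        info = node["status"]["nodeInfo"]
        version = parse_kubelet_version(info["kubeletVersion"])
        if is_patched(version, fixed_versions):
            continue
        bucket = "windows" if info.get("operatingSystem") == "windows" else "other"
        report[bucket].append((node["metadata"]["name"], info["kubeletVersion"]))
    return report


if __name__ == "__main__":
    # Real use: nodes_json = subprocess.check_output(["kubectl", "get", "nodes", "-o", "json"])
    for bucket, nodes in unpatched_nodes(SAMPLE_NODES_JSON).items():
        for name, version in nodes:
            print(f"{bucket:8} {name:15} kubelet {version} -> needs patch")
```

The version parser deliberately ignores distribution suffixes such as `-aks-1` or `-eks-…`, since managed services append them to the upstream kubelet version; comparing only the numeric triple keeps the check honest without trusting a vendor string.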

Sources include an article in Dark Reading.

The French government has been subjected to cyberattacks of “unprecedented” intensity, affecting several departments. These attacks, which began on Sunday, prompted the activation of a crisis unit to address the situation. Although the prime minister’s office reported that the impact of the attacks had been mitigated and access to some government websites restored, the attacks are still ongoing.

The attacks utilized conventional technical methods but were notable for their unprecedented intensity, targeting many ministerial services. The interministerial digital affairs department (DINUM) and France’s cybersecurity agency (ANSSI) are actively working to counter the attacks.

The identity of the attackers remains unclear, but the pro-Russian hacker group Anonymous Sudan has claimed responsibility for a “massive cyberattack” on the French Interministerial Directorate of Digital Affairs via their Telegram channel.

Anonymous Sudan is known for politically motivated “distributed denial-of-service” (DDoS) attacks, which flood websites and services with massive amounts of internet traffic, causing them to go offline. While DDoS attacks do not breach IT systems, they can significantly disrupt communications and services and are often accompanied by hacking attempts.

Sources include an article in Politico.

Research conducted by the Salt Labs team has identified three significant vulnerabilities in ChatGPT plugins, posing security risks to users:

  1. Plugin Installation Vulnerability: The process of installing new plugins, which requires users to approve a code on a website, was found to be exploitable. Malicious actors could trick users into approving malicious plugins, potentially gaining access to their accounts.
  2. PluginLab Framework Vulnerability: A flaw was discovered in PluginLab, a framework for developing plugins, where user accounts were not properly authenticated during the installation process. This vulnerability could allow attackers to insert unauthorized identifications into accounts, effectively impersonating the user.
  3. Open Authorization Redirection Vulnerability: Several plugins were found to be susceptible to open authorization redirection manipulation. This issue could lead to account takeovers if a user clicked on a malicious link sent by an attacker, compromising user credentials.
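The third finding is an instance of a general OAuth weakness: a provider that validates the `redirect_uri` loosely will send an authorization code or token to a host the attacker controls. The snippet below, added here as an illustration and not taken from Salt Labs’ report or from any plugin’s code, puts a prefix-based check beside the exact-match check that OAuth 2.0 requires. The hostnames `plugin.example` and `attacker.test` are constructed placeholders.

```python
from urllib.parse import urlsplit

# Constructed allowlist for a hypothetical plugin's OAuth client registration.
REGISTERED_REDIRECT_URIS = {"https://plugin.example/oauth/callback"}

# The weak pattern: a prefix check on what the developer thinks of as the trusted origin.
TRUSTED_PREFIX = "https://plugin.example"


def redirect_allowed_weak(redirect_uri):
    """Weak validator: accepts anything that starts with the trusted origin string.

    Both 'https://plugin.example.attacker.test/...' (a longer hostname) and
    'https://plugin.example@attacker.test/...' (userinfo before the real host)
    satisfy the prefix, so the code or token ends up at an attacker-chosen host.
    """
    return redirect_uri.startswith(TRUSTED_PREFIX)


def canonical(uri):
    """Return a canonical 'https://host[:port]/path[?query]' form, or None if the URI
    is malformed, not https, carries userinfo, or has a fragment."""
    try:
        parts = urlsplit(uri)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme.lower() != "https" or parts.fragment:
        return None
    if parts.username is not None or parts.password is not None:
        return None
    host = (parts.hostname or "").lower()
    if not host:
        return None
    port_part = "" if port in (None, 443) else f":{port}"
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{host}{port_part}{parts.path or '/'}{query}"


_CANONICAL_REGISTERED = {c for c in map(canonical, REGISTERED_REDIRECT_URIS) if c}


def redirect_allowed_strict(redirect_uri):
    """Hardened validator: exact match against the registered URIs after canonicalisation,
    the simple string comparison OAuth 2.0 (RFC 6749 section 3.1.2.3) calls for."""
    c = canonical(redirect_uri)
    return c is not None and c in _CANONICAL_REGISTERED


if __name__ == "__main__":
    for uri in ("https://plugin.example/oauth/callback",
                "https://plugin.example.attacker.test/oauth/callback",
                "https://plugin.example@attacker.test/oauth/callback"):
        print(f"{uri}\n  weak={redirect_allowed_weak(uri)} strict={redirect_allowed_strict(uri)}")
```

The strict check rejects by construction anything it cannot canonicalise, so odd ports, userinfo and fragments fail closed rather than being passed through to a string comparison they might accidentally satisfy.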

The researchers notified OpenAI and the relevant third parties about these vulnerabilities, and the issues have since been addressed.

OpenAI has noted that it has addressed the bug and that it intends to deprecate plug-ins in the next month. But these will be replaced with the new user-generated GPTs, which can be developed by anyone, and ChatGPT has not said how it will address security and quality concerns for the millions of GPTs that have already been developed, let alone for those yet to be developed.

And that’s it for this episode of Cybersecurity Today. As always, links to stories and other information will be included in the show notes posted at itworldcanada.com/podcasts. Look for Cybersecurity Today.

And we always love to hear from our listeners, even if it is to correct us. If you have comments, please send me a note at jlove@itwc.ca or under the show notes at itworldcanada.com/podcasts.

And if you want to catch up on other tech news, check out my daily news podcast Hashtag Trending which you can find in all the same places you find Cybersecurity Today – Apple, Google, Spotify or at itworldcanada.com/podcasts.

I’m your host Jim Love, filling in for Howard Solomon. For those busy applying patches from Patch Tuesday, may all your servers come back up quickly – you are doing valuable work. And to everybody, thanks for listening and have a great weekend.
