Dark Reading

Pernicious Permissions: How Kubernetes Cryptomining Became an AWS Cloud Data Heist

A vulnerable Kubernetes container and lax permissions allowed an attacker to turn a opportunistic cryptojacking attack into a wide-ranging intrusion that targeted intellectual property and sensitive ...
CSOonline

Group permission misconfiguration exposes Google Kubernetes Engine clusters

It's easy for admins to misunderstand what GKE considers authenticated users and set permissions that could allow anyone with a Google account to access their systems. Researchers warn that many ...