Kinsing malware exploiting misconfigured and exposed PostgreSQL servers

Share post:

The Kinsing malware is now actively infringing Kubernetes clusters, according to Microsoft’s Defender, by utilizing known flaws in container images and malfunctioning, exposed PostgreSQL containers.

“Recently, we identified a widespread campaign of Kinsing that targeted vulnerable versions of WebLogic servers,” reads a report by Microsoft security researcher Sunders Bruskin.

“Attacks start with scanning of a wide range of IP addresses, looking for an open port that matches the WebLogic default port (7001).”

The most recent attack represents an increase in the use of two methods by Kinsing operators to gain initial access to a Linux server: exploiting a vulnerability in container images or misconfigured PostgreSQL database servers.

The attackers are now said to be exploiting PostgreSQL server misconfigurations to co-opt the Kinsing actor and gain an initial foothold, with the company observing a “large number of clusters” infected in this manner.

The misconfiguration is related to a trust authentication setting, which could be abused to connect to the servers without any authentication and achieve code execution if the option to accept connections from any IP address is enabled.

“In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat,” Bruskin explained.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways