This week's articles
How threat actors are using self-hosted GitHub Actions runners as backdoors
The Sysdig Threat Research Team discovered attackers exploiting self-hosted GitHub Actions runners as persistent backdoors. The Shai-Hulud worm demonstrated this by installing rogue runners on compromised machines and using vulnerable workflows with command injection to persist across workflow executions, with discussions serving as C2 channels.
#attack
#ci/cd
#supply-chain
A Brief Deep-Dive into Attacking and Defending Kubernetes
This article covers Kubernetes attack and defense techniques. It explores Kubernetes components (API Server, ETCD, kubelet) and attack vectors including unauthenticated API access, RBAC misconfigurations, ServiceAccount token abuse, malicious admission controllers, CoreDNS poisoning, writable volume mounts, ETCD compromise, and certificate authority exploitation.
#attack
#defend
#kubernetes
Preparing for Post-Quantum Cryptography
Learn what post-quantum cryptography is, why quantum computers threaten today's encryption, and how to start preparing your environment now.
#explain
#strategy
#defend
Unauthenticated Cluster Takeover in AWS ROSA
A critical vulnerability in AWS ROSA Classic allowed unauthenticated attackers to discover clusters via Certificate Transparency logs, extract cluster UUIDs and owner emails from unauthenticated endpoints, initiate unauthorized cluster transfers, and escalate to AWS account access through ROSA's IAM roles.
#aws
#kubernetes
#attack