    From TechnologyDaily@1337:1/100 to All on Thu Jan 25 12:15:05 2024
    A Google Kubernetes security flaw could let anyone with a Gmail account compromise your business

    Date:
    Thu, 25 Jan 2024 12:06:09 +0000

    Description:
    There was a misconception in how system:authenticated works, but Google has since addressed it.

    FULL STORY ======================================================================

    The Google Kubernetes Engine (GKE) carried a vulnerability which allowed pretty much anyone with a Gmail account to take over a Kubernetes cluster.

    Cybersecurity researchers from Orca broke the news, naming the vulnerability Sys:All and claiming that there are a quarter of a million active GKE clusters that could be vulnerable to the flaw.

    The problem lies in the fact that many people wrongly believe the system:authenticated group in Google Kubernetes Engine only includes verified and deterministic identities, researcher Ofir Yakobi told The Hacker News.
    In reality, any Google authenticated account will suffice.

    Fixing the flaw

    As explained in the report, the system:authenticated group includes authenticated entities, humans and service accounts alike. This means that a threat actor could use a Google OAuth 2.0 bearer token and gain control over the cluster. That control could subsequently be used to deploy all kinds of malware, move throughout the network, or steal sensitive data from the endpoints.

    What's more, the victim organization wouldn't be able to trace the attack back to a specific Gmail or Google Workspace account. The Hacker News reports that numerous organizations could be impacted by the findings, and different kinds of sensitive data could be put at risk. That includes JWT tokens, GCP API keys, AWS keys, Google OAuth credentials, private keys, and credentials to container registries.

    Soon after breaking the news, Google came forward with steps to block the binding of the system:authenticated group to the cluster-admin role in GKE. These steps were applied in versions 1.28 onward.

    "To help secure your clusters against mass malware attacks that exploit cluster-admin access misconfigurations, GKE clusters running version 1.28 and later won't allow you to bind the cluster-admin ClusterRole to the system:anonymous user or to the system:unauthenticated or system:authenticated groups," the cloud giant said in its advisory.
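
    A defensive audit for the misconfiguration described above, as an added example that is not from the article, Orca or Google: it scans the JSON produced by `kubectl get clusterrolebindings,rolebindings --all-namespaces -o json` for bindings to system:anonymous, system:unauthenticated or system:authenticated. The function name, severity labels and sample bindings are assumptions constructed here; the skipped defaults are the upstream Kubernetes discovery-level bindings.

```python
import json

# Subjects that match every caller; on GKE, system:authenticated covers any
# Google account that presents a valid OAuth 2.0 bearer token.
BROAD_SUBJECTS = {("User", "system:anonymous"),
                  ("Group", "system:unauthenticated"),
                  ("Group", "system:authenticated")}
# Upstream Kubernetes default ClusterRoleBindings (discovery-level access only).
DEFAULT_BINDINGS = {"system:basic-user", "system:discovery", "system:public-info-viewer"}

def audit_bindings(doc):
    """Return one finding per binding that grants a role to a broad subject."""
    findings = []
    for item in doc.get("items", []):
        meta, ref = item.get("metadata", {}), item.get("roleRef", {})
        hits = sorted(s["name"] for s in item.get("subjects") or []
                      if (s.get("kind"), s.get("name")) in BROAD_SUBJECTS)
        # A default binding is skipped only while it still points at its own role.
        is_default = (item.get("kind") == "ClusterRoleBinding"
                      and meta.get("name") in DEFAULT_BINDINGS
                      and ref.get("name") == meta.get("name"))
        if not hits or is_default:
            continue
        findings.append({
            "binding": meta.get("name"),
            "namespace": meta.get("namespace", "<cluster-wide>"),
            "role": ref.get("name"),
            "subjects": hits,
            # cluster-admin is the binding GKE 1.28+ refuses; the rest need review.
            "severity": "critical" if ref.get("name") == "cluster-admin" else "review",
        })
    return findings

# Constructed sample in the shape of the kubectl JSON output (not real data).
SAMPLE = {"items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "system:discovery"},
     "roleRef": {"kind": "ClusterRole", "name": "system:discovery"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ci-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    {"kind": "RoleBinding", "metadata": {"name": "readers", "namespace": "dev"},
     "roleRef": {"kind": "Role", "name": "pod-reader"},
     "subjects": [{"kind": "User", "name": "alice@example.com"},
                  {"kind": "Group", "name": "system:authenticated"}]},
]}

if __name__ == "__main__":
    for finding in audit_bindings(SAMPLE):
        print(json.dumps(finding))
```

    To audit a real cluster, save the kubectl output to a file, load it with json.load and pass the result to audit_bindings in place of SAMPLE.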



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/a-google-kubernetes-security-flaw-could-let-anyone-with-a-gmail-account-compromise-your-business


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)