Privacy Ninja

All Kubernetes Versions Affected By Unpatched MiTM Vulnerability

The Kubernetes Product Security Committee has provided advice on how to temporarily block attackers from exploiting a vulnerability that could enable them to intercept traffic from other pods in multi-tenant Kubernetes clusters in man-in-the-middle (MiTM) attacks.

Kubernetes (aka K8s), originally developed by Google and now maintained by the Cloud Native Computing Foundation, is an open-source system designed to help automate the deployment, scaling, and management of containerized workloads, services, and applications over clusters of hosts.

It does this by organizing app containers into pods, nodes (physical or virtual machines), and clusters, with multiple nodes forming a cluster managed by a master that coordinates cluster-related tasks such as scaling, scheduling, or updating apps.

Affected services not widely deployed

The medium severity security issue is being tracked as CVE-2020-8554 and it was reported by Etienne Champetier of Anevia.

It can be exploited remotely by attackers with basic tenant permissions (such as creating or editing services and pods) without user interaction as part of low complexity attacks.

CVE-2020-8554 is a design flaw that impacts all Kubernetes versions, with multi-tenant clusters that allow tenants to create and update services and pods being the most vulnerable to attacks.

“If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster,” as Tim Allclair, a software engineer working on Kubernetes security at Apple, explained in a security advisory published on Monday.

“If you create a service with an arbitrary external IP, then traffic to that external IP from within the cluster will be routed to that service,” Allclair added. “This lets an attacker that has permission to create a service with an external IP to intercept traffic to any target IP.”

Luckily, the vulnerability should affect only a small number of Kubernetes deployments: ExternalIP services are not widely used in multi-tenant clusters, and granting tenant users patch service/status permissions (which would let them set LoadBalancer IPs) is not recommended in the first place.

How to block CVE-2020-8554 exploits

Since the Kubernetes development team has not yet provided a security update to address this issue, admins are advised to mitigate CVE-2020-8554 by restricting access to the vulnerable features.

You can use an admission webhook container for restricting external IP usage — source code and deployment instructions are available here.

External IPs can also be restricted with the help of the Open Policy Agent Gatekeeper policy controller for Kubernetes using constraints and templates available here.

Mitigation measures for LoadBalancer IPs are not provided since the recommended configuration is not vulnerable but, if restrictions are required, External IP recommendations also apply to LoadBalancer IPs.
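The check that the admission webhook and the Gatekeeper policy perform boils down to "deny any Service whose externalIPs (or LoadBalancer ingress IPs) fall outside an operator-defined allowlist". The following Python is an added illustration of that logic, not the code of the Kubernetes webhook or the Gatekeeper template; the allowlist CIDR, the namespace and service names, and the target IP 10.0.0.5 are constructed values, and the attacker Service object is shaped the way the advisory describes (a tenant with create-service permission pointing externalIPs at another tenant's address). It generalises slightly beyond the text by also rejecting malformed IPs and checking status.loadBalancer.ingress, which is the LoadBalancer-IP variant the advisory mentions.

```python
import ipaddress

# Constructed allowlist of CIDRs the cluster operator permits for
# Service externalIPs (hypothetical value for this example).
ALLOWED_EXTERNAL_IP_CIDRS = ["203.0.113.0/24"]


def _ip_allowed(ip: str, cidrs) -> bool:
    """True if ip parses and lies inside one of the allowlisted CIDRs."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # malformed IPs are never allowed through
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def validate_service(service: dict, cidrs=ALLOWED_EXTERNAL_IP_CIDRS):
    """Admission-style check for CVE-2020-8554.

    Returns (allowed, reason). Denies a Service whose spec.externalIPs or
    status.loadBalancer.ingress[].ip lies outside the allowlist, which is
    the condition that lets a tenant route in-cluster traffic for an
    arbitrary destination IP to their own pods.
    """
    spec = service.get("spec") or {}
    for ip in spec.get("externalIPs") or []:
        if not _ip_allowed(ip, cidrs):
            return False, f"externalIP {ip} is not in the allowlist"
    ingress = ((service.get("status") or {}).get("loadBalancer") or {}).get("ingress") or []
    for entry in ingress:
        ip = entry.get("ip")
        if ip and not _ip_allowed(ip, cidrs):
            return False, f"loadBalancer ingress IP {ip} is not in the allowlist"
    return True, "ok"


# Constructed Service of the shape a tenant with create-service permission
# would submit: externalIPs set to another tenant's in-cluster target so
# that traffic to 10.0.0.5:5432 from any node is routed to the "sniffer" pods.
ATTACKER_SERVICE = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "mitm", "namespace": "tenant-b"},
    "spec": {
        "selector": {"app": "sniffer"},
        "ports": [{"port": 5432, "targetPort": 5432}],
        "externalIPs": ["10.0.0.5"],
    },
}

# Constructed legitimate Service whose externalIP is inside the allowlist.
LEGIT_SERVICE = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "ingress", "namespace": "platform"},
    "spec": {"ports": [{"port": 443}], "externalIPs": ["203.0.113.10"]},
}

# Constructed ordinary ClusterIP Service with no external IPs at all.
PLAIN_SERVICE = {
    "apiVersion": "v1",
    "kind": "Service",
    "metadata": {"name": "api", "namespace": "tenant-c"},
    "spec": {"type": "ClusterIP", "ports": [{"port": 80}]},
}

if __name__ == "__main__":
    for svc in (ATTACKER_SERVICE, LEGIT_SERVICE, PLAIN_SERVICE):
        allowed, reason = validate_service(svc)
        name = f"{svc['metadata']['namespace']}/{svc['metadata']['name']}"
        print(f"{name}: {'ALLOW' if allowed else 'DENY'} ({reason})")
```

In a real deployment this decision is returned as an AdmissionReview response (or a Gatekeeper violation); the point here is that the allowlist must be enforced on both spec.externalIPs and the status subresource, because a user who can patch services/status can set the ingress IP directly.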

Because there is no patch, detecting exploitation attempts comes down to auditing: manually review external IP usage in multi-tenant clusters that use the vulnerable features, and look through API server audit events for service status patches made by ordinary users.

“ExternalIP services are not widely used, so we recommend manually auditing any external IP usage,” Allclair said. “Users should not patch service status, so audit events for patch service status requests authenticated to a user may be suspicious.”
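Both of Allclair's recommendations can be turned into a scan over the API server audit log. The Python below is an added example (not tooling from the Kubernetes project) that reads newline-delimited audit events and flags (1) a `patch` on the `services/status` subresource by a principal that is not a system or kube-system service account, and (2) any create/update/patch of a Service whose request body sets `spec.externalIPs`. The audit events are constructed for this example, and the code assumes the audit policy records at least the `Request` level for services so that `requestObject` is present; the "trusted principal" rule is a deliberately simple assumption that you should replace with the identities of your cluster's actual controllers.

```python
import json


def trusted_principal(user: dict) -> bool:
    """Assumed rule: control-plane components run as system:* users or as
    service accounts in kube-system; anything else patching services/status
    is suspicious, as the advisory notes.  Adjust for your cluster."""
    name = user.get("username", "")
    if name.startswith("system:serviceaccount:"):
        parts = name.split(":")  # system:serviceaccount:<namespace>:<name>
        return len(parts) >= 3 and parts[2] == "kube-system"
    return name.startswith("system:")


def scan_audit_log(text: str) -> list:
    """Return findings relevant to CVE-2020-8554 from audit events given as
    one JSON object per line (the audit.k8s.io/v1 Event shape)."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # ignore non-JSON lines such as log wrapper output
        ref = ev.get("objectRef") or {}
        if ref.get("resource") != "services":
            continue
        user = ev.get("user") or {}
        name = user.get("username", "<unknown>")
        target = f"{ref.get('namespace', '')}/{ref.get('name', '')}"
        verb = ev.get("verb")
        # 1) Non-system principal writing services/status: this is how
        #    status.loadBalancer.ingress (the LoadBalancer IP) gets hijacked.
        if verb == "patch" and ref.get("subresource") == "status" and not trusted_principal(user):
            findings.append({"user": name, "service": target,
                             "reason": "patch on services/status by non-system user"})
            continue
        # 2) Any write that sets spec.externalIPs.  For a merge patch the
        #    requestObject is the patch body, which has the same shape.
        if verb in ("create", "update", "patch") and not ref.get("subresource"):
            obj = ev.get("requestObject") or {}
            ext = (obj.get("spec") or {}).get("externalIPs") or []
            if ext:
                findings.append({"user": name, "service": target,
                                 "reason": f"service sets externalIPs {ext}"})
    return findings


def _event(verb, username, groups, ns, name, subresource=None, request_object=None):
    """Build a constructed audit event in the audit.k8s.io/v1 shape."""
    ev = {
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Request",
        "stage": "ResponseComplete", "verb": verb,
        "user": {"username": username, "groups": groups},
        "objectRef": {"resource": "services", "namespace": ns, "name": name},
        "responseStatus": {"code": 200},
    }
    if subresource:
        ev["objectRef"]["subresource"] = subresource
    if request_object is not None:
        ev["requestObject"] = request_object
    return ev


# Constructed sample log: one benign controller status update, one tenant
# user patching status, one tenant creating an externalIPs service, and one
# ordinary ClusterIP service that should not be flagged.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    _event("patch", "system:serviceaccount:kube-system:cloud-controller-manager",
           ["system:serviceaccounts"], "tenant-a", "web", subresource="status"),
    _event("patch", "alice", ["tenant-b"], "tenant-b", "web", subresource="status",
           request_object={"status": {"loadBalancer": {"ingress": [{"ip": "10.0.0.5"}]}}}),
    _event("create", "bob", ["tenant-b"], "tenant-b", "mitm",
           request_object={"spec": {"externalIPs": ["10.0.0.5"], "ports": [{"port": 5432}]}}),
    _event("create", "carol", ["tenant-c"], "tenant-c", "api",
           request_object={"spec": {"type": "ClusterIP", "ports": [{"port": 80}]}}),
])

if __name__ == "__main__":
    for f in scan_audit_log(SAMPLE_AUDIT_LOG):
        print(f"{f['user']} on {f['service']}: {f['reason']}")
```

Run it against an exported audit log file (`scan_audit_log(open(path).read())`) on a schedule; every hit is something a cluster operator should be able to explain, since legitimate workloads rarely need externalIPs and users should never be patching service status.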
