Nearly half a million Kubernetes servers left open to the Internet
Not necessarily a problem, but certainly a risk
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Hundreds of thousands ofendpointsrunningKubernetesAPI have been exposed to the internet, and so could potentially be vulnerable to virus deployment and other cyberattacks, new research has found.
A report from nonprofit organization The Shadowserver Foundation recently scanned a total of 454,729 systems hosting the container orchestration system, and found 84% to be accessible via the internet, at least to some degree. That’s a total of 381,654 systems.
While being exposed to the internet does not automatically mean compromised, it is the first, and most important step, toward a data breach. What’s more all of these are most likely the result of misconfigurations, rather than intent.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at theend of this surveyto get the bookazine, worth $10.99/£10.99.
Implementing authentication
After all, a recent security report found thatmost people using Kubernetesdon’t know exactly what they’re doing.
“While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface,” Shadowserver says in the blog post. “They also allow for information leakage on version and build.”
Of all the accessible instances, 201,348 (53%) were located in the United States, the organization stated. It stressed that companies with internet-accessible Kubernetes API servers should implement some form of access authorization, or block access at thefirewall, to prevent possible data breaches and cyberattacks.
Windows 11 really isn’t as secure as we think it is>Microsoft is working on a whole new kind of Kubernetes>Microsoft has uncovered loads of Windows 11 security threats – here’s what you need to do
Kubernetes is a ten-year-oldGoogleproduct for container management, both on-prem and in the public cloud, maintained by the Cloud Native Computing Foundation.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Commercial versions are sold by multiple software companies.Amazon, Google, IBM,Microsoft, Oracle, Red Hat, SUSE, Platform9, and VMware, all offer Kubernetes-based platforms or infrastructure as a service (IaaS) that deploy Kubernetes.
It is extremely popular, being used by most companies worldwide, according to market analysts Statista.
Via:The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
Nokia confirms data breach leaked third-party code, but its data is safe
Rising AI threats are making firms turn back to human intelligence
Audio-Technica AT-LP70XBT vs Victrola Hi-Res Onyx: which is the best Bluetooth turntable?
