A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our Twitter feed at #ionCube24.

Say that again??? A 22-year-old vulnerability that was patched in 2017 is still finding victims. Really:
- Snake Keylogger Spreads Through Malicious PDFs – Microsoft Word also leveraged in the email campaign, which uses a 22-year-old Office RCE bug.
Another unsurprising discovery of a huge number of responsive (but not confirmed vulnerable) ways into Kubernetes installations. Firewall, anyone?
- 380K Kubernetes API Servers Exposed to Public Internet – More than 380,000 of the 450,000-plus servers hosting the open-source container-orchestration engine for managing cloud deployments allow some form of access.
Kudos to Bank of Zambia…