A high-risk vulnerability that could allow attackers to steal sensitive information secrets from software projects was found and fixed in Argo CD, a widely used continuous delivery platform for applications deployed via Kubernetes.
According to researchers from cloud application security Apiiro, who found and reported the vulnerability, attackers could feed a maliciously crafted Kubernetes application deployment configuration file to Argo that can expose files, environment settings and secret tokens from the central repository server. This could potentially lead to privilege escalation and further lateral movement into the organization’s cloud infrastructure.
More Stories
Alabama Hacker Admits Role in SEC X Account Breach
An Alabama man has admitted hacking into the US Security and Exchange Commission’s X account using SIM swap fraud to...
New Chinese Hacking Campaign Targets Manufacturing Firms to Steal IP
Chinese hackers are infiltrating the networks of suppliers of “sensitive” manufacturers, according to a Check Point report to be published...
DDoS Attack Volume and Magnitude Continues to Soar
Gcore reported a 56% year-over-year rise in DDoS attacks in H2 2024, highlighting a steep long-term growth tend for the...
Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks
Ransomware groups are adopting agile techniques in a quantity-over-quality approach, according to a new report from Huntress Read More
8Base Ransomware Site Seized, Phobos Suspects Arrested in Thailand
Four Europeans were arrested in Phuket, believed to be members of the Phobos ransomware group Read More
Trusted Encryption Environments
Really good—and detailed—survey of Trusted Encryption Environments (TEEs.) Read More