Lmst

The TeamPCP campaign highlights how cloud-native misconfigurations can be industrialized into a full cybercrime platform.

By abusing exposed Docker APIs, Kubernetes clusters, Redis, and vulnerable web apps, the group automates scanning, persistence, proxying, data theft, and monetization - often without novel exploits. This reinforces that operational scale, not exploit sophistication, is now the primary threat driver in cloud environments.

Source: https://thehackernews.com/2026/02/teampcp-worm-exploits-cloud.html

💬 Are cloud control planes receiving enough defensive visibility?

🔔 Follow @technadu for ongoing cloud threat analysis

#InfoSec #CloudSecurity #KubernetesSecurity #ThreatResearch #MalwareOps #CyberCrime #TechNadu

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Default Helm charts in Kubernetes might be like leaving your front door unlocked – sensitive data and weak settings could be inviting trouble. Is your deployment really secure?

https://thedefendopsdiaries.com/enhancing-kubernetes-security-addressing-risks-in-helm-charts/

#kubernetessecurity
#helmcharts
#cybersecurity
#devsecops
#cloudsecurity

Let's level up our EKS security game! Join our hands-on webinar on "Shift Right Security for EKS" with Bion Consulting and Anchore. Learn practical techniques to identify and remediate vulnerabilities in your scaling EKS applications. We will focus on:
- Kubernetes Runtime Inventory and why it matters for container security
- How to install and configure Anchore's Runtime Inventory on Amazon EKS
- How Anch... https://get.anchore.com/shift-right-security-for-eks-anchore/ #EKS #KubernetesSecurity #DevSecOps #Anchore #SecurityWebinar

Want to level up your Kubernetes game? This article covers certifications, security, and your next steps! Check it out!

Continue reading the full article https://codelabsacademy.com/en/blog/kubernetes-certification-and-security-guide?source=mastadon

#kubernetescertification #kubernetessecurity

Making Sense of Kubernetes Initial Access Vectors

- Part 1: www.wiz.io/blog/making-sense-of-kubernetes-initial-access-vectors-part-1-control-plane

- Part 2: https://www.wiz.io/blog/kubernetes-data-plane

#kubernetes #k8s #KubernetesSecurity

Does #cybersecurity really need another #Kubernetes vulnerability scanner? 👉 Heck yes!

💪 Find out WHY and HOW we built our newest tool in this candid behind-the-scenes by Security Research Engineer David Bors: https://pentest-tools.com/blog/how-and-why-we-built-the-kubernetes-vulnerability-scanner

#offensivesecurity #penetrationtesting #kubernetessecurity

How to ace a Kubernetes Administrator Interview in 2024: Key Concepts, Practical Skills, and Expert Tips

https://zurl.co/ohRX

#KubernetesAdministratorInterview #KubernetesScenarioQuestions #KubernetesInterviewTips #KubernetesSecurity #KubernetesInterview #careerswami

Adversary Village at DEFCON 32 Workshop,
Julien Terriac (Adversary Simulation Engineer at datadog) will be giving a workshop on, “Hands-on Kubernetes security with KubeHound(Purple Teaming)”.
Workshop schedule: 12:00-14:00 PDT, Aug 10th 2024 at Adversary Village Workshop Stage, Las Vegas Convention Center.
More information on the Workshop: https://adversaryvillage.org/adversary-events/DEFCON-32/Julien-Terriac/

Schedule for Adversary Village at DEF CON 32: https://adversaryvillage.org/adversary-events/DEFCON-32/
Join our Discord server: https://adversaryvillage.org/discord

#AdversaryVillage #DEFCON #WeEngage #DEFCON32 #AdversaryTactics #adversaryemulation #Kubernetessecurity #purpleteaming #Kubehound

A Guide To Kubernetes Logs That Isn't A Vendor Pitch: https://grahamhelton.com/blog/k8slogs/?

#KubernetesSecurity #kubernetes_monitoring

Kubenomicon, this site serves as a wiki and reference for Kubernetes attacks and detection opportunities, and it's mapped across MITRE ATT&CK: https://kubenomicon.com/Kubenomicon.html

#KubernetesSecurity #mitreattack #threatdetection

My #kubecon talk about #cloudnative desktops in action is on YouTube!

#k8s #kubernetes #kubecon2024

https://youtu.be/q1BKwvTqn8M?si=NYjqcMPEywKR7mB6

#k8s #kubernetes #kubernetessecurity

Mastering Kubernetes security: Safeguarding your container kingdom: https://redcanary.com/blog/kubernetes-security/

#KubernetesSecurity

Does anyone have good links for where I can learn a bit more about egress proxies? Particularly for Kubernetes?

Use-case: I need to request a lot of potentially large media from servers outside of my control (one's that exist on the fediverse), and I'd like to do this as safely as possible, without exposing anything internal to my network/cluster.

#DevOps #SRE #kubernetes #KubernetesSecurity #DevSecOps

Kubernetes security fundamentals:

- Introduction: https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-1/

- API Security: https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-2/

- Authentication: https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-3/

- Authorization: https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-4/

- Admission Control: https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-5/

#KubernetesSecurity #containersecurity

Appsecco published a two-part blog series on vulnerabilities they usually identify during Kubernetes Penetration Tests:

- A Pentester’s Approach to Kubernetes Security — Part 1: https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-1-2b328252954a

- A Pentester’s Approach to Kubernetes Security — Part 2: https://blog.appsecco.com/a-pentesters-approach-to-kubernetes-security-part-2-8efac412fbc5

#kubernetes #KubernetesSecurity

Datadog Kubernetes security fundamentals series:
- Introduction: https://securitylabs.datadoghq.com/articles/kubernetes-security-fundamentals-part-1/

#kubernetes #KubernetesSecurity

How to Protect Yourself From the New Kubernetes Attacks in 2023: walks through four attacks targeting Kubernetes (Dero and Monero crypto miners, Scarleteel, RBAC-Buster), and security mitigations to prevent them.

https://ksoc.com/blog/how-to-protect-yourself-from-the-new-kubernetes-attacks-in-2023

#kubernetes #KubernetesSecurity