Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes

Service accounts, API keys, and OAuth tokens are a growing attack vector for cybercriminals looking to penetrate organizations' defenses. [TechWeb]( Follow Dark Reading: [RSS]( March 14, 2024 LATEST SECURITY NEWS & COMMENTARY [Patch Now: Kubernetes RCE Flaw Allows Full Takeover of Windows Nodes]( Attackers can remotely execute code with system privileges by exploiting a vulnerability in the source code of the open source container management system. [ChatGPT Spills Secrets in Novel PoC Attack]( Research is latest in a growing body of work to highlight troubling weaknesses in widely used generative AI tools. [Nissan Oceania Breached; 100K People Affected Down Under]( A possible ransomware attack has exposed government and personal data of Australians and New Zealanders, encompassing the carmaker's customers, dealers, and employees. [Heated Seats? Advanced Telematics? Software-Defined Cars Drive Risk]( Carmakers are offering all kinds of over-the-air subscriptions and features, many of which benefit the businesses that use them. But this also opens up a wider attack surface for vehicle attackers. [Why You Need to Know Your AI's Ancestry]( Securing AI can't wait an hour, let alone a decade. [Yacht Retailer MarineMax Files 'Cyber Incident' with SEC]( The Florida-based boat purveyor's operations were seemingly minimally disrupted and "not material," but it's filing an SEC notice anyway. [(Sponsored Article) On Whose Account? Challenges in Securing Non-Human Identities]( Service accounts, API keys, and OAuth tokens are a growing attack vector for cybercriminals looking to penetrate organizations' defenses. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS ['Magnet Goblin' Exploits Ivanti 1-Day Bug in Mere Hours]( A prolific but previously hidden threat actor turns public vulnerabilities into working exploits before companies have time to patch. [How to Identify a Cyber Adversary: Standards of Proof]( Identifying the who, what, and how behind a cyberattack is crucial for preventing future strikes. [Google's Gemini AI Vulnerable to Content Manipulation]( Like ChatGPT and other GenAI tools, Gemini is susceptible to attacks that can cause it to divulge system prompts, reveal sensitive information, and execute potentially malicious actions. [Name That Toon: Keys to the Kingdom]( Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 Amazon gift card. [MORE]( PRODUCTS & RELEASES [Codezero Raises $3.5M Seed Funding From Ballistic Ventures to Secure Multicloud Application Development]( [Claroty Launches Advanced Anomaly Threat Detection for Medigate]( [Claroty Team82: 63% of Known Exploited Vulnerabilities Tracked by CISA Are on Healthcare Organization Networks]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Discloses Critical Hyper-V Flaws in Low-Volume Patch Update]( Microsoft has disclosed fewer flaws and zero-days in the first three months of 2024 compared with the first quarter of the prior four years. LATEST FROM THE EDGE [10 Tips for Better Security Data Management]( CISOs must build out their security data management and security data architecture to get the most out of their security data for the least amount of investment. LATEST FROM DR TECHNOLOGY [Google's Post-Quantum Upgrade Doesn't Mean We're All Protected Yet]( Just because Google has put in the work to quantum-proof Chrome doesn't mean post-quantum security is all set. LATEST FROM DR GLOBAL [150K+ UAE Network Devices & Apps Found Exposed Online]( Misconfigurations, insecure services leave United Arab Emirates organizations and critical infrastructure vulnerable to bevy of cyber threats. WEBINARS - [Building a Modern Endpoint Strategy for 2024 and Beyond]( - [Unbiased Testing. Unbeatable Results]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [Collective defense is more important than ever--is your workforce ready?]( - [Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions]( - [Incident Response Planning Guide]( - [2023 Gartner Magic Quadrant for Single-Vendor SASE]( - [2023 Work-from-Anywhere Global Study]( - [Threat Intelligence: Data, People and Processes]( - [Mandiant Threat Intelligence at Penn State Health]( [View More White Papers >>]( FEATURED REPORTS - [Industrial Networks in the Age of Digitalization]( - [Zero-Trust Adoption Driven by Data Protection]( - [How Enterprises Assess Their Cyber-Risk]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=122071&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_03.14.24&sp_cid=52489&utm_content=DR_NL_Dark%20Reading%20Daily_03.14.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#0c If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)