Skip Navigation

‘Significant security loophole’ found in Google software container system

therecord.media ‘Significant security loophole’ found in Google software container system

Researchers at Orca Security identified an issue that “could allow an attacker with any Google account" to take over a cluster in the company's Kubernetes Engine for software applications.

‘Significant security loophole’ found in Google software container system

The issue affected Google Kubernetes Engine (GKE), a system used to deploy, scale and manage how applications are “containerized.” GKE — the tech giant’s implementation of the open-source Kubernetes project — is used widely in healthcare, education, retail and financial services for data processing as well as artificial intelligence and machine learning operations.

Researchers from Orca Security explained that they uncovered an issue in GKE that “could allow an attacker with any Google account to take over a misconfigured Kubernetes cluster, potentially leading to serious security incidents such as cryptomining, denial of service, and sensitive data theft.”

3

You're viewing a single thread.

3 comments