Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters | Microsoft Security Blog (www.microsoft.com)
from kid@sh.itjust.works to cybersecurity@sh.itjust.works on 18 Apr 11:51
https://sh.itjust.works/post/18011293

It’s from MS, but I’ll take it anyways.

Summary: Attackers exploit critical vulnerabilities in OpenMetadata to access Kubernetes workloads and conduct cryptocurrency mining. Microsoft recommends updating OpenMetadata to version 1.3.1 or later and using Microsoft Defender for Cloud for detection of malicious activities. Relevant vulnerabilities include CVE-2024-28255, CVE-2024-28847, CVE-2024-28253, CVE-2024-28848, CVE-2024-28254.

IOCs (hashes with good detection rate on VT):

7c6f0bae1e588821bd5d66cd98f52b7005e054279748c2c851647097fa2ae2df 19a63bd5d18f955c0de550f072534aa7a6a6cc6b78a24fea4cc6ce23011ea01d 31cd1651752eae014c7ceaaf107f0bf8323b682ff5b24c683a683fdac7525bad

IP 8[.]222[.]144[.]60

IP 61[.]160[.]194[.]160

IP 8[.]130[.]115[.]208

[Edit: added summary]

#cybersecurity
