Attackers can remotely access the infrastructure to install, remove or encrypt any application that the affected companies are running in the cloud.
More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud.
According to research from Lacework, the containers (Kubernetes, Mesos, Docker Swarms and more) suffer from poorly configured resources, lack of credentials and the use of non-secure protocols. As a result, attackers can remotely access the infrastructure to install, remove or encrypt any application that the company is running in the cloud.
In all, earlier this month Lacework found 22,672 open admin dashboards on the web; and more than 300 of them were unprotected by any credentials whatsoever. About 95 percent of these are hosted inside of Amazon Web Services (AWS). The firm said that it has alerted the affected companies.
For More Details : https://threatpost.com/22k-open-vulnerable-containers-found-exposed-on-the-net/132898/