Week 47 in Review: A look at the KEV list, a Kubernetes rootkit, and web shells
Happy Thanksgiving to those who celebrate it. This week, Dark Reading published three articles, including coverage of the strengths and weaknesses of the the Known Exploited Vulnerabilities (KEV) list, a rootkit that does more than cryptomining on compromised Kubernetes clusters, and a new web shells with some advanced features.
Web Shells Gain Sophistication for Stealth, Persistence | Dark Reading
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal. (22 November 2023)
Rootkit Turns Kubernetes from Orchestration to Subversion | Dark Reading
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference. (22 November 2023)
Exploited Vulnerabilities Can Take Months to Make KEV List | Dark Reading
The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, which means companies need other sources of threat intelligence. (19 November 2023)