Week 47 in Review: A look at the KEV list, a Kubernetes rootkit, and web shells
Happy Thanksgiving to those who celebrate it. This week, Dark Reading published three articles, including coverage of the strengths and weaknesses of the the Known Exploited Vulnerabilities (KEV) list, a rootkit that does more than cryptomining on compromised Kubernetes clusters, and a new web shells with some advanced features.
A favorite post-exploitation tool continues to gain sophistication, with one recent example adding disguised log-in pages, credential stealing, and information gathering via services such as VirusTotal. (22 November 2023)
Kubernetes compromises have usually led to attackers creating cryptomining containers, but the outcomes could be much worse, say researchers presenting at the Black Hat Europe conference. (22 November 2023)
The Known Exploited Vulnerabilities (KEV) catalog is a high-quality source of information on software flaws being exploited in the wild, but updates are often delayed, which means companies need other sources of threat intelligence. (19 November 2023)