An open-source, container-native engine for orchestrating parallel jobs on Kubernetes is being attacked via Argo Workflows. Some instances are publicly available via dashboards that don t require authentication for outside users. These misconfigured permissions thus can allow threat actors to run unauthorized code in the victim s environment. Intezer researchers said the misconfigurations can also expose sensitive information such as code, credentials and private container-image names. In one case, bad code was running on an exposed cluster in Docker Hub for nine months.
Source: https://threatpost.com/kubernetes-cyberattacks-argo-workflows/167997/