Microsoft: Misconfigured Kubeflow Workloads are a Cybersecurity Risk
Microsoft's Azure Security Center (ASC), which regularly searches for and researches for new attack vectors against Kubernetes workloads, revealed a new campaign that was observed recently targeting Kubeflow, a machine learning toolkit for Kubernetes.
Yossi Weizman, Security Research Software Engineer, Azure Security Center, ILDC writes that a suspicious Kubeflow image was seen deployed to thousands of clusters in April, all from a single public repository. However, closer inspection revealed that the image runs a common open-source cryptojacking malware that mines the Monero virtual currency, known as XMRIG, writes Threatpost.