| From: | Pavel Borisov <pashkin(dot)elfe(at)gmail(dot)com> |
|---|---|
| To: | noloader(at)gmail(dot)com |
| Cc: | Magnus Hagander <magnus(at)hagander(dot)net>, PostgreSQL mailing lists <pgsql-bugs(at)postgresql(dot)org> |
| Subject: | Re: [OT] Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL |
| Date: | 2023-01-10 14:59:42 |
| Message-ID: | CALT9ZEGG6DPg=ahRSMBOEMg6OuRJx3Tsrfnw8DtVQ4HHybyWPQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On Tue, 10 Jan 2023 at 17:54, Jeffrey Walton <noloader(at)gmail(dot)com> wrote:
>
> On Tue, Jan 10, 2023 at 9:46 AM Magnus Hagander <magnus(at)hagander(dot)net> wrote:
> >
> > On Tue, Jan 10, 2023, 15:42 Jeffrey Walton <noloader(at)gmail(dot)com> wrote:
> >>
> >> https://www.bleepingcomputer.com/news/security/microsoft-kubernetes-clusters-hacked-in-malware-campaign-via-postgresql/
> >
> > I think the most impressive part in that article is that they found and linked to the postgresql 7 documentation...
>
> It looks like the article used an older version of the docs because
> the link is broken for the newer version. When following the link to
> the latest version of the docs, its results in a "Page not found".
I wonder what was the vulnerability in Postgres that enabled "hackers"
to run malware? I've read the article and the linked ones and found no
causative link between Postgres and malware inside. Sorry, it seems
like baseless warnings, not a description of vulnerability. Maybe I
haven't got something?
Regards,
Pavel Borisov,
Supabase
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2023-01-10 15:07:17 | Re: [OT] Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL |
| Previous Message | Jeffrey Walton | 2023-01-10 14:54:02 | Re: [OT] Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL |