Sectigo in the News

Akamai has offered security teams a proof-of-concept YAML file and Open Policy Agent rule for blocking a high-severity vulnerability in Kubernetes that was originally patched late last year.

Akamai researcher Tomer Peled said in a March 13 blog post that the vulnerability — CVE-2023-5528 — allows remote code execution with System privileges on all Windows endpoints within a Kubernetes cluster. Peled said to exploit this flaw, the attacker needs to apply malicious YAML files on the Kubernetes cluster — a move that can lead to full takeover on all Windows nodes in a cluster.