Threat news: Tsunami malware mutated. Now targeting Jenkins and Weblogic services
Blog post from Sysdig
The Tsunami malware, a backdoor first identified years ago, has resurfaced with new capabilities targeting Jenkins and WebLogic services running inside Kubernetes clusters, exploiting known vulnerabilities and misconfigurations to take control of the affected systems. Once a system is compromised, the attackers can execute shell commands, download files, launch DDoS attacks, and run cryptocurrency miners, using IRC servers for command-and-control communication. Although vulnerabilities such as CVE-2020-14882 were patched long ago, outdated container images remain exposed, which underscores the importance of regular updates and vigilant security practices. To mitigate the risk, Falco, a cloud-native runtime security tool, can detect suspicious activity by monitoring container environments and alerting users to potential threats. Keeping services updated and securing credentials are crucial steps in defending against such evolving threats.
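As an added illustration of the Falco-based detection mentioned above (this rule is written for this summary and is not taken from the Sysdig post or from Falco's default ruleset), the following rule alerts when a process inside a container opens an outbound TCP connection to a port commonly used by IRC. The port list (6667 and 6697) is an assumption about typical IRC usage, not a value from the article; the field names (`evt.type`, `fd.rport`, `container.id`, and the `%`-prefixed output fields) are standard Falco fields.

```yaml
# Added example rule: detect container processes connecting to IRC ports.
# Tsunami-style backdoors use IRC for command and control, so an outbound
# IRC connection from a build or application container is worth an alert.
# The port list is an assumption about common IRC usage, not a value from the article.

- list: irc_ports
  items: [6667, 6697]

- rule: Outbound IRC Connection from Container
  desc: >
    A process running inside a container initiated an outbound TCP connection
    to a port commonly used by IRC servers. Legitimate workloads such as Jenkins
    or WebLogic normally have no reason to speak IRC, so this is a strong
    indicator of a backdoor establishing command-and-control.
  condition: >
    evt.type = connect and evt.dir = <
    and fd.typechar = 4
    and container.id != host
    and fd.rport in (irc_ports)
  output: >
    Outbound IRC connection from container
    (command=%proc.cmdline connection=%fd.name
     container=%container.name image=%container.image.repository
     user=%user.name pid=%proc.pid)
  priority: WARNING
  tags: [network, container, command_and_control]
```

Drop the file into `/etc/falco/rules.d/` (or reference it from `rules_file` in `falco.yaml`) and reload Falco. In an environment where no workload is expected to use IRC, the rule should be silent under normal operation; a hit is a signal to inspect the named container and its image for the outdated versions and exposed credentials the article describes. Tune `irc_ports` if your organisation runs IRC on non-standard ports, and add an exception list for any container image that is legitimately permitted to use it.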