The 11 Essential Falco Cloud Security Rules for Securing Containerized Applications at No Cost

In the evolving landscape of container orchestration, Kubernetes has emerged as the de facto standard due to its flexibility, scalability, and robust community support. However, as with any complex system, securing a Kubernetes environment presents unique challenges. Containers, by their very nature, are transient and multi-faceted, making traditional security methods less effective. This is where […]

Hackers Can Exploit Windows Container Isolation Framework to Bypass Endpoint Security

New findings show that malicious actors could leverage a sneaky malware detection evasion technique and bypass endpoint security solutions by manipulating the Windows Container Isolation Framework. The findings were presented by Deep Instinct security researcher Daniel Avinoam at the DEF CON security conference held earlier this month. Microsoft’s container architecture (and by extension, Windows Sandbox) […]

How to Secure Container Images with the Open Source Bazel Plugin Rules_oci from Google

Rules_oci, an open-sourced Bazel plugin (“ruleset”) that makes it easier and more secure to create container images using Bazel, has been made generally available by Google. It provides support for both the container community and container image security. Bazel maintains dependencies and caches them according to their integrity hash, making it ideally suited to provide […]

Hackers Exploit Containerized Environments to Steal Proprietary Data and Software

A sophisticated attack campaign dubbed SCARLETEEL is targeting containerized environments to perpetrate theft of proprietary data and software. “The attacker exploited a containerized workload and then leveraged it to perform privilege escalation into an AWS account in order to steal proprietary software and credentials,” Sysdig said in a new report. The advanced cloud attack also […]

AWS patches to fix Log4j vulnerabilities could be exploited for privilege escalation or container escape attacks

Cybersecurity specialists from Palo Alto Networks report that patches released by Amazon Web Services (AWS) to address vulnerabilities in Log4j could be bypassed to escalate privileges on the system or escape from containers. Identified at the end of 2021, the Log4Shell flaws would allow threat actors to execute code remotely and take control of affected deployments. To […]

Severe Vulnerability Patched in CRI-O Container Engine for Kubernetes

A report by CrowdStrike reveals that a severe vulnerability affecting the CRI-O container engine for Kubernetes could be exploited to break out of the container and gain root access to the host. CrowdStrike's threat research team found that a lack of proper authentication for kernel parameters passed to the pinns utility caused the exposure to […]

Severe vulnerability in Linux kernel allows hackers to escape from a container to execute arbitrary commands on the affected host. CVSS 7.0/10

Cybersecurity specialists report the detection of a severe vulnerability in the Linux kernel whose exploitation would allow threat actors to escape from a container to execute arbitrary commands. The flaw was tracked as CVE-2022-0492 and received a score of 7/10 according to the Common Vulnerability Scoring System (CVSS). The flaw was described as a privilege […]

Google shares details of unpatched Windows AppContainer vulnerability

Microsoft was informed about the vulnerability by Google, but the company claimed it was a "non-issue" and that it "will not fix it." On Thursday, Google Project Zero researcher James Forshaw shared details of a Windows AppContainer vulnerability after Microsoft backtracked on its previous stance of not fixing the flaw and announced it would address […]

Microsoft Warns of Cross-Account Takeover Bug in Azure Container Instances

Microsoft on Wednesday said it remediated a vulnerability in its Azure Container Instances (ACI) services that could have been weaponized by a malicious actor “to access other customers’ information” in what the researchers described as the “first cross-account container takeover in the public cloud.” An attacker exploiting the weakness could execute malicious commands on other […]

Google publishes zero-day vulnerability in Windows firewall and AppContainer affecting every version. Patch not available

Project Zero, Google’s cybersecurity unit, published research detailing its analysis of the Windows firewall and AppContainer, Microsoft’s runtime environment that restricts applications so that security risks can be avoided before installing new software. In its report, Project Zero points to the detection of a severe vulnerability in AppContainer that Microsoft had chosen not to address, […]

Siloscape: the new malware to compromise Windows containers and Kubernetes clusters

A group of researchers has found a new malware variant designed to breach the security of Windows containers in order to reach Kubernetes clusters. Identified as Siloscape, experts describe this malware variant as something unusual due to its complex features. The report, prepared by Palo Alto Networks, notes that Siloscape was detected in early March, […]

Researchers Discover First Known Malware Targeting Windows Containers

Security researchers have discovered the first known malware, dubbed "Siloscape," targeting Windows Server containers to infect Kubernetes clusters in cloud environments. "Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers," said Unit 42 researcher Daniel Prizmant. "Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run […]

CDK – Zero Dependency Container Penetration Toolkit

CDK is an open-sourced container penetration toolkit, designed to offer stable exploitation in different slimmed-down containers without any OS dependency. It comes with useful net-tools and many PoCs/EXPs that help you escape the container and take over the K8s cluster. It is currently still under development; submit issues or mail [email protected] if you need any help. Installation […]

Microsoft’s Azure cloud-container technology allows hackers to directly update your files

Cybersecurity specialists from Intezer report the finding of a privilege escalation vulnerability in Microsoft Azure Functions whose exploitation would allow threat actors to escape from a container. Experts mention that these containers run under the privileged Docker flag, so device files in the /dev directory can be shared between the Docker host and the container […]

CCAT – Cloud Container Attack Tool For Testing Security Of Container Environments

Cloud Container Attack Tool (CCAT) is a tool for testing the security of container environments.

Quick reference
Where to get help: the Pacu/CloudGoat/CCAT Community Slack, or Stack Overflow
Where to file issues: https://github.com/RhinoSecurityLabs/ccat/issues
Maintained by: the Rhino Assessment Team

Requirements
Python 3.5+ is required.
Docker is required. Note: CCAT is tested with Docker Engine version 19.03.1. […]

ArmourBird CSF – Container Security Framework

ArmourBird CSF – Container Security Framework is an extensible, modular, API-first framework built for regular security monitoring of Docker installations and containers against CIS and other custom security checks. ArmourBird CSF has a client-server architecture and is thus divided into two components: a) CSF Client: this component is responsible for monitoring the Docker installations, […]