CVE-2022-23648 in Containerd’s CRI Plugin Could Allow for Container Breakout

Aqua Cloud Native Blog \ Tags: Security Threats

SECURITY RESEARCH
CVE-2022-23648 in Containerd’s CRI Plugin Could Allow for Container Breakout
A recently discovered CVE in containerd allows attackers who can run a custom image in a cluster to break out to the underlying node and, in some cases, escalate privileges to cluster-admin level. This CVE is interesting for several reasons. First, the vulnerability shows up in the container image, not in the Kubernetes manifests, so …
Read more
SECURITY RESEARCH
The New Octocat Coin: How Attackers Bypass CI/CD Compute Limits
Threat Alert
Over the past few years, attackers have embraced cryptomining as a fast revenue source, easily converting compute power into digital coins. Unlike other types of cybercrime, cryptomining is perceived by the attacker as relatively harmless and reversible, with a low footprint and an immediate payoff. Last year, bad actors switched from attacking unpatched servers to …
Read more
SECURITY RESEARCH
CVE-2022-0811: CRI-O Vulnerability Could Allow Container Escape
A newly discovered vulnerability in the container runtime tool CRI-O could allow for attackers who are able to create pods in a Kubernetes or OpenShift cluster that uses the software, to break out to the underlying cluster node, effectively escalating their privileges. While, as ever, the best way to address this issue is to apply …
Read more
SECURITY RESEARCH
Cloud Native Technologies Used in Russia-Ukraine Cyber Attacks
The conflict between Russia and Ukraine is raging not only in the physical realm but also on the cyber front, where governments, hacktivist groups, and individuals are trying to play their part. In this blog, we analyze some examples of the cyberattacks that have taken place as part of the current conflict and review their …
Read more
SECURITY RESEARCH
Linux Kernel Vulnerability: Escaping Containers by Abusing Cgroups
CVE-2022-0492
CVE-2022-0492, a recently disclosed high-severity Linux vulnerability that relates to a weakness in the handling of release_agent in cgroups, could allow for container escape under some circumstances. Fortunately, in common container configurations, the various layers of security hardening will block the effective execution of this vulnerability.
Read more
SECURITY RESEARCH
Dirty Pipe Linux Vulnerability: Overwriting Files in Container Images
CVE-2022-0847
A new CVE in the Linux kernel was released this week. CVE-2022-0847, aka “Dirty Pipe”, is a vulnerability that allows users on a Linux system to overwrite the contents of files that they can read but shouldn’t be able to write to. Looking at this vulnerability from the perspective of hosts using containerization software such …
Read more
Uncategorized
The Russia-Ukraine Cyber Attacks: A CISO’s Advice
The devastating events in Ukraine have already affected millions of lives and organizations, with profound consequences extending far beyond the region. As the conflict continues to unfold, companies in the US and around the world are facing the growing risk of aggressive Russian cyberattacks. In the face of these threats, CISOs and CIOs must ramp …
Read more
SECURITY RESEARCH
CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes
Last week, a new high-severity CVE was released that affects the Linux kernel. This vulnerability provides an opportunity for an attacker who has access to a system as an unprivileged user to escalate those rights to root. To do this, the attacker must have a specific Linux capability, CAP_SYS_ADMIN, which reduces the risk of breakout …
Read more
SECURITY RESEARCH
The Nightmare Before Christmas: Looking Back at Log4j Vulnerabilities
Last month, a zero-day vulnerability in the extremely popular Log4j logging framework overwhelmed the security community during the already busy end-of-year rush. Just keeping up with Log4j news and updates has been no easy task, let alone fixing the multiple vulnerabilities discovered almost daily. Organizations worked hard to apply patches for the original zero-day vulnerability, …
Read more
SECURITY RESEARCH
CVE-2021-44832: New Arbitrary Code Execution Vulnerability in Log4j
Threat Alert
This holiday season, adversaries aren’t taking a vacation, massively exploiting multiple vulnerabilities in Log4j, a highly popular Java logging library. Amid the ongoing efforts of organizations to patch their vulnerable systems, a new Log4j vulnerability, tracked as CVE-2021-44832, has been discovered. It allows for an arbitrary code execution via JDBC Appender when an attacker can …
Read more
SECURITY RESEARCH
Threat Alert: Evolving Attack Techniques of Autom Cryptomining Campaign
Threat Alert
Over the past three years, we at Team Nautilus have been tracking an ongoing cryptomining campaign attacking our honeypots. It got the name Autom due to a shell script that was downloaded and that initiated the attack. Through the years, the campaign has evolved, demonstrating new techniques to hide the attack. In this blog, we …
Read more
SECURITY RESEARCH
Stopping a DreamBus Botnet Attack with Aqua’s CNDR
We recently came across a real-life scenario that is very common for organizations. A developer with admin access launched a cloud native application but made a mistake and misconfigured it with weak credentials. Just 12 hours later, the environment was attacked by the DreamBus botnet, which proceeded to evade defenses and run Kinsing malware and …
Read more
Page 5 of 9‹ Prev123456789Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links