Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Aqua Cloud Native Blog

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

KUBERNETES SECURITY

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …

SECURITY RESEARCH

New npm Flaws Let Attackers Better Target Packages for Account Takeover

For the past few years, cybercriminals have been hijacking popular npm packages by taking over maintainers’ accounts. As part of our research at Team Nautilus, we discovered two flaws in the npm platform related to two-factor authentication (2FA). An attacker can use these flaws to target npm packages for account takeover attacks. We reported these …

SECURITY RESEARCH

New Zero-day RCE Vulnerability Spring4Shell: What You Should Know

A new critical zero-day vulnerability has been discovered in Spring, a popular open source framework widely used in modern Java applications. The issue could allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability has been assigned CVE-2022-22965, and Spring has already released a patch.

SECURITY RESEARCH

Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks

Team Nautilus has uncovered a Python-based ransomware attack that, for the first time, was targeting Jupyter Notebook, a popular tool used by data practitioners. The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal …

SECURITY RESEARCH

CVE-2022-23648 in Containerd’s CRI Plugin Could Allow for Container Breakout

A recently discovered CVE in containerd allows attackers who can run a custom image in a cluster to break out to the underlying node and, in some cases, escalate privileges to cluster-admin level. This CVE is interesting for several reasons. First, the vulnerability shows up in the container image, not in the Kubernetes manifests, so …

Run Secure Applications on OpenShift with IBM Power Systems

As an important component of end-to-end application modernization and hybrid cloud adoption, Aqua Security integrates with OpenShift on Power to provide tools to help customers further secure the full lifecycle of Red Hat OpenShift containerized workloads.

SECURITY RESEARCH

The New Octocat Coin: How Attackers Bypass CI/CD Compute Limits

Over the past few years, attackers have embraced cryptomining as a fast revenue source, easily converting compute power into digital coins. Unlike other types of cybercrime, cryptomining is perceived by the attacker as relatively harmless and reversible, with a low footprint and an immediate payoff. Last year, bad actors switched from attacking unpatched servers to …

AQUA OPEN SOURCE

Scan IaC Code in Dev with Trivy’s Extensions for VS Code and JetBrains

When developing new software, a key element of improving security is providing security feedback as early and seamlessly as possible. One way to do this is embed security tools directly into the development environment. Recently, Aqua’s open source scanner Trivy has added this functionality, integrating with popular developer tools Visual Studio Code and JetBrains to …

SECURITY RESEARCH

CVE-2022-0811: CRI-O Vulnerability Could Allow Container Escape

A newly discovered vulnerability in the container runtime tool CRI-O could allow for attackers who are able to create pods in a Kubernetes or OpenShift cluster that uses the software, to break out to the underlying cluster node, effectively escalating their privileges. While, as ever, the best way to address this issue is to apply …

SECURITY RESEARCH

Cloud Native Technologies Used in Russia-Ukraine Cyber Attacks

The conflict between Russia and Ukraine is raging not only in the physical realm but also on the cyber front, where governments, hacktivist groups, and individuals are trying to play their part. In this blog, we analyze some examples of the cyberattacks that have taken place as part of the current conflict and review their …

SECURITY RESEARCH

Linux Kernel Vulnerability: Escaping Containers by Abusing Cgroups

CVE-2022-0492, a recently disclosed high-severity Linux vulnerability that relates to a weakness in the handling of release_agent in cgroups, could allow for container escape under some circumstances. Fortunately, in common container configurations, the various layers of security hardening will block the effective execution of this vulnerability.

SECURITY RESEARCH

Dirty Pipe Linux Vulnerability: Overwriting Files in Container Images

A new CVE in the Linux kernel was released this week. CVE-2022-0847, aka “Dirty Pipe”, is a vulnerability that allows users on a Linux system to overwrite the contents of files that they can read but shouldn’t be able to write to. Looking at this vulnerability from the perspective of hosts using containerization software such …

Page 12 of 33‹ Prev 8 9 10 111213 14 15 16 Next ›

Need to secure enterprise workloads?

Aqua Cloud Native Application Protection Platform (CNAPP)

Go cloud native with the experts!

Get Demo

Aqua Security stops cloud native attacks across the application lifecycle. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.

Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started

Copyright © 2024 Aqua Security Software Ltd. Privacy Policy | Terms of Use | |