The benefits of cloud computing are causing the adoption of cloud services by companies of all sizes to increase each year. The reduction of operating costs, time to market, ease of use, and reliability are some of the most significant benefits. However, the shared responsibility model must be taken into consideration. Cloud breaches are already everywhere and it doesn’t look like they’re going to slow down anytime soon.
Last week, a critical vulnerability identified as CVE-2022-0185 was disclosed, affecting Linux kernel versions 5.1 to 5.16.1. The security vulnerability is an integer underflow in the Filesystem Context module that allows a local attacker to run arbitrary code in the context of the kernel, thus leading to privilege escalation, container environment escape, or denial of service.
A container is defined as packaged software that contains all the code and dependencies of an application within a virtual environment so that the application can be migrated from any computing device to another. Docker container images are executable software packages that are lightweight and standalone.
Cryptocurrency mining has become very popular among malicious actors that aim to profit by exploiting cloud attack surfaces. Exposed Docker APIs have become a common target for cryptominers to mine various cryptocurrencies. According to the Google Threat Horizon report published Nov. 29, 2021, 86% of compromised Google Cloud instances were used to perform cryptocurrency mining.
The fifth annual Sysdig Cloud-Native Security and Usage Report digs into how Sysdig customers of all sizes and industries are using and securing cloud and container environments. We examined the data and found some interesting trends this year that may help you as you work to develop best practices for securing and monitoring your cloud-native environments. This year’s report has new data on cloud security, container vulnerabilities, and Kubernetes capacity planning.
Are you wondering how to secure your Kubernetes clusters? Do you even know whether your Kubernetes is secure? Kubescape by ARMO might be the tool to help you with those and many other tasks related to Kubernetes security and scanning. Check this video by Viktor Farcic from DevOps Toolkit on Kubescape as he covers the 3 main K8s security areas – While reducing the number of false positives to a minimum and getting help fixing issues.
In the last few days, Linux maintainers disclosed a broadly available Linux kernel vulnerability that enables attackers to escape containers and get full control over the node. To be able to exploit this vulnerability, the attacker needs to be able to run code in the container and the container must have CAP_SYS_ADMIN privileges. Linux kernel and all major distro maintainers have released patches.
Kubernetes is the popular container orchestration platform developed by Google to manage large-scale containerized applications. Kubernetes manages microservices applications over a distributed cluster of nodes. It is very resilient and supports scaling, rollback, zero downtime, and self-healing containers. The primary aim of Kubernetes is to mask the complexity of overseeing a large fleet of containers.
This week, Linux maintainers and vendors disclosed a heap overflow vulnerability in the Linux Kernel. The vulnerability has been issued a Common Vulnerability and Exposures ID of CVE-2022-0185 and is rated as a High (7.8) severity. The flaw occurs in the Filesystem Context system when handling legacy parameters. An attacker can leverage this flaw to cause a DDoS, escape container environments, and elevate privileges.
