By Fei Huang
A new Docker vulnerability affecting container security, CVE-2019-5736, was just announced, with some calling it a ‘Doomsday Docker Security Hole.’ This comes just 2 months after the report of the critical Kubernetes vulnerability that allowed attackers to take control of the API server. From one of the runc maintainers, Aleksa Sarai: Aleksa stated that “this docker vulnerability allows a …
The Implications of Kubernetes Vulnerability CVE-2018-1002105
By Fei Huang
The critical Kubernetes vulnerability CVE-2018-1002105 was reported this week, and its implication is a big warning to the fast-growing, massive DevOps world. The wide adoption of Kubernetes and Docker workloads is no doubt indicative of a disruptive next-generation platform technology. But of course, like the dark side of the moon, every big shiny thing may bring some challenges. So …
Cathay Pacific Cyber Attack Occurs as Airline Moves to the Cloud
By Fei Huang
A lot of people were shocked by the recent top headline “Cathay Pacific Cyber Attack Is World’s Biggest Airline Data Breach.” Looking at the past breaches reported by British Airways and Delta Air Lines, it pains me greatly that every couple of months or even weeks we are hearing such bad news. To make things worse, Cathay …
How to Hack a Kubernetes Container, Then Detect and Prevent It
By Dieter Reuter
As we talked about before in this blog, containers are just as vulnerable to attack as non-container workloads. Hackers can use many of their old tricks on new containers, such as application exploits, network attacks, or phishing scams. In this post and demo, I’ll show how to hack a Kubernetes container using the well-publicized Apache Struts vulnerability …
Kubernetes System Security – Protecting Against Kubelet Exploits
By Andson Tung
As critical as it is to protect application containers deployed by Kubernetes, it is just as critical to protect the Kubernetes system containers from attacks or from being used in an attack. In this post I’ll focus on one important Kubernetes security area – protecting the Kubelet, which manages the pods on a worker node. The recent …