Category: Software, Security, Microsoft, Kubernetes, Docker, encryption

One of the nightmare scenarios of cloud computing has always been an attacker being able to break out of their containers into other users’ containers. Palo Alto Networks’ Unit 42 researchers uncovered an interlocked exploit chain that allows a malicious Azure user to invade other users’ cloud instances within Microsoft’s container-as-a-service (CaaS) offering, Azure Container Instances (ACI).

The key security hole was that ACI was running an out-of-date version of runC, the industry-standard container runtime. Obsolete software sitting at a fundamental layer of the stack: where haven’t we seen this kind of mistake before?

With this, Unit 42 was able to easily break out of the container to the underlying host, a Kubernetes node.
