Threat Detections for Container Lateral Movements and Container Escapes — This is How

A container wide open. source: technadu.com

Introduction

The simplicity and flexibility of microservice architecture has led to an increasing adoption of containers and kubernetes in the cloud. According to Gartner, more than 75% of global organizations will be running containerized apps in production by 2022.

As the adoption increases, threat actors are evolving their toolsets to compromise container workloads. Recently, it is reported that 50,000 IPs across multiple Kubernetes clusters were compromised by TeamTNT.

Threat actors typically exploit vulnerabilities and/or misconfigurations of the container workloads. They can not only move between containers, but also move between containers and the underlying hosts. …

Read more in Confluera Engineering · 4 min read

Published in Confluera Engineering

·Feb 2

The Sudo vulnerability may be 10 years old, but your detection and response should be cutting edge

A heap overflow vulnerability in sudo was recently discovered (CVE-2021-3156, named: Baron Samedit). By exploiting this vulnerability, any unprivileged user can use the default sudo configuration to obtain root privileges (no password required) on the vulnerable host.

Interestingly, the sudo privilege escalation vulnerability remained undiscovered for nearly ten years. It was introduced in a submission in July 2011. If you are like many and have sudo installed on Linux or Unix machines in your environment, this vulnerability likely affects you.

While it requires an adversary to have access to the vulnerable machine to perform privilege escalation, detecting this exploit needs…

Read more in Confluera Engineering · 6 min read

Rex Guo

Head of Research @ Confluera | Ex-Cisco Acquisition | Ex-Intel Security | | Blackhat/Defcon Speaker

About

Help

Legal

Get the Medium app