A container wide open. source: technadu.com

Introduction

The simplicity and flexibility of microservice architecture have led to increasing adoption of containers and Kubernetes in the cloud. According to Gartner, more than 75% of global organizations will be running containerized apps in production by 2022.

As adoption increases, threat actors are evolving their toolsets to compromise container workloads. It was recently reported that 50,000 IPs across multiple Kubernetes clusters were compromised by TeamTNT.

Threat actors typically exploit vulnerabilities and/or misconfigurations in container workloads. They can move not only between containers, but also between containers and the underlying hosts. …


Photo: https://meterpreter.org/

A heap overflow vulnerability in sudo was recently disclosed (CVE-2021-3156, named Baron Samedit). By exploiting this vulnerability, any unprivileged user can use the default sudo configuration to obtain root privileges (no password required) on a vulnerable host.

Interestingly, the sudo privilege escalation vulnerability remained undiscovered for nearly ten years. It was introduced in a code commit in July 2011. If, like many, you have sudo installed on the Linux or Unix machines in your environment, this vulnerability likely affects you.

While it requires an adversary to already have access to the vulnerable machine in order to perform privilege escalation, detecting this exploit needs…

Rex Guo

Head of Research @ Confluera | Ex-Cisco Acquisition | Ex-Intel Security | Blackhat/Defcon Speaker
