
How to Battle Azurescape, The Cross-Account Container Takeover Exploit

3 years ago thenewstack.io

Summary: This is a summary of an article originally published by The New Stack.

One of the nightmare scenarios of cloud computing has always been an attacker being able to break out of their containers into other users’ containers. Palo Alto Networks’ Unit 42 researchers uncovered an interlocked exploit chain that allows a malicious Azure user to invade other users’ cloud instances within Microsoft’s container-as-a-service (CaaS) offering, Azure Container Instances (ACI).

The key security hole was that ACI was using an out-of-date version of runC, the industry-standard container runtime. Using obsolete software as a fundamental layer in your stack: where haven’t we heard of this kind of mistake before?

With this outdated runtime in place, Unit 42 was able to easily break out of the container to the underlying host, a Kubernetes node.
