Channel: Aviv Sasson, Author at Unit 42

Critical Vulnerability in Harbor Enables Privilege Escalation from Zero to...

Aviv Sasson, a security researcher from the cloud division of Unit 42, has identified a critical vulnerability in a widespread cloud native registry called Harbor. The vulnerability allows attackers to...

Rootless Containers: The Next Trend in Container Security

Rootless containers are a new concept: containers that don’t require root privileges in order to be formed. They present some challenges that are solved differently by each container engine.

Cetus: Cryptojacking Worm Targeting Docker Daemons

Cetus is a new and improved Docker cryptojacking worm mining for Monero, discovered in a Docker daemon honeypot.

Pro-Ocean: Rocke Group’s New Cryptojacking Malware

Pro-Ocean is a revised version of cloud-targeted cryptojacking malware, which now includes new and improved rootkit and worm capabilities.

Hildegard: New TeamTNT Cryptojacking Malware Targeting Kubernetes

Hildegard is a new malware campaign believed to originate from TeamTNT. It targets Kubernetes clusters and launches cryptojacking operations.

20 Million Miners: Finding Malicious Cryptojacking Images in Docker Hub

Container images are a simple way to distribute software – including malicious cryptojacking images attackers use to distribute cryptominers.

New Vulnerability Affecting Container Engines CRI-O and Podman (CVE-2021-20291)

CVE-2021-20291 leads to a denial of service of the container engines CRI-O and Podman when pulling a malicious image from a registry.

Unsecured Kubernetes Instances Could Be Vulnerable to Exploitation

We discuss how malware and malicious activities can occur in unsecured Kubernetes instances and how better configuration can help.

Docker Honeypot Reveals Cryptojacking as Most Common Cloud Threat

A Docker honeypot captured 33 types of attacks over a total of 850 attempts. Here’s what we learned about the cloud threat landscape.

FabricScape: Escaping Service Fabric and Taking Over the Cluster

FabricScape (CVE-2022-30137) is a privilege escalation vulnerability of important severity in Microsoft's Service Fabric, commonly used with Azure.

Digging Inside Azure Functions: HyperV Is the Last Line of Defense

We investigated Azure's serverless architecture and found that a HyperV VM was the remaining defense after a container breakout.

Analyzing Web Application and API Attacks: The Cloud as a Target and a Launch...

We investigate a growing trend of attacks originating in the cloud with a focus on web app and API attacks, using survey data to enhance our key findings.
