2670 matches found

RedHat Linux
added 2018/06/26 7:1 p.m., 1 views

podman: Containers run as non-root users do not drop capabilities

It has been discovered that podman does not drop capabilities when executing a container as a non-root user. This results in unnecessary privileges being granted to the container...

CVSS 8.8, AI score 5.7, EPSS 0.00878
Exploits: 0, References: 4

Fedora
added 2018/06/26 5:36 p.m., 27 views

[SECURITY] Fedora 28 Update: cri-o-1.10.3-1.gite558bd5.fc28

Kubernetes Container Runtime Interface for OCI-based containers...

CVSS 8.8, AI score 3.4, EPSS 0.02109
Exploits: 0

Fedora
added 2018/06/26 4:7 p.m., 34 views

[SECURITY] Fedora 27 Update: cri-o-1.10.3-1.gite558bd5.fc27

Kubernetes Container Runtime Interface for OCI-based containers...

CVSS 8.8, AI score 3.4, EPSS 0.02109
Exploits: 0

Virtuozzo
added 2018/06/25 12:0 a.m., 148 views

Important kernel security update: CVE-2018-10675 and other issues; new kernel 2.6.32-042stab131.1 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0

This update provides a new kernel 2.6.32-042stab131.1 for Virtuozzo Containers for Linux 4.7 and Server Bare Metal 5.0 that is a rebase to the Red Hat Enterprise Linux 6.10 kernel 2.6.32-754.el6. The new kernel introduces security and stability fixes. Vulnerability id: CVE-2018-10675 The...

CVSS 7.8, AI score 7.9, EPSS 0.01674
Exploits: 3, References: 13

ThreatPost
added 2018/06/18 4:19 p.m., 11 views

22K Open, Vulnerable Containers Found Exposed on the Net

More than 22,000 container orchestration and API management systems are unprotected or publicly available on the internet – highlighting the reality of the risks of operating workloads in the cloud. According to research from Lacework, the containers Kubernetes, Mesos, Docker Swarms and more suff...

AI score 7.7
Exploits: 0, References: 2

The Hacker News
added 2018/06/18 2:50 p.m., 63 views

Apple macOS Bug Reveals Cache of Sensitive Data from Encrypted Drives

Security researchers are warning of an almost decade-old issue with one of Apple's macOS features, which was designed for users' convenience but is potentially exposing the contents of files stored on password-protected encrypted drives. Earlier this month, security researcher Wojciech Regula fr...

AI score 0.2
Exploits: 0

The Hacker News
added 2018/06/18 2:50 p.m., 3 views

Apple macOS Bug Reveals Cache of Sensitive Data from Encrypted Drives

Security researchers are warning of an almost decade-old issue with one of Apple's macOS features, which was designed for users' convenience but is potentially exposing the contents of files stored on password-protected encrypted drives. Earlier this month, security researcher Wojciech Regula fr...

AI score 6.5
Exploits: 0

Fedora
added 2018/06/16 8:19 p.m., 10 views

[SECURITY] Fedora 28 Update: singularity-2.5.1-1.fc28

Singularity provides functionality to make portable containers that can be used across host environments...

AI score 2.8
Exploits: 0

Fedora
added 2018/06/16 7:34 p.m., 11 views

[SECURITY] Fedora 27 Update: singularity-2.5.1-1.fc27

Singularity provides functionality to make portable containers that can be used across host environments...

AI score 2.8
Exploits: 0

Information Security Automation
added 2018/06/14 8:20 p.m., 90 views

Qualys Security Conference Virtual 2018. New Agents, Patch Management and Free Services

Today I attended a very interesting online event - Qualys Security Conference Virtual 2018. It consisted of 11 webinars, began at 18:00 and will end at 03:45 Moscow time. Not the most convenient timing for Russia, but it was worth it. Last time I was at an offline QSC event in 2016, so for me it was...

AI score 7.5
Exploits: 0

ThreatPost
added 2018/06/13 9:55 p.m., 35 views

Malicious Docker Containers Earn Cryptomining Criminals $90K

UPDATE Seventeen malicious Docker containers earned cryptomining criminals $90,000 in 30 days in what could be a harbinger of things to come. The figure may seem tame compared to some of the larger paydays that cryptojackers have earned. But, researchers at Kromtech Security Center warn container...

AI score 7.6
Exploits: 0, References: 4

Trend Micro Simply Security
added 2018/06/13 12:0 p.m., 90 views

Securing Containers at Scale: Amazon EKS, Amazon ECS and Deep Security Smart Check

Containers present a new opportunity for teams. An opportunity to deploy faster, more consistently, and with a simplicity rarely seen. But in order to make that happen, a lot of infrastructure needs to be set up ahead of time. A cluster of hosts for the container runtime, an orchestration layer,...

AI score 0.1
Exploits: 0

Hacker One
added 2018/06/09 8:51 a.m., 20 views

Monero: Constant-time comparison is not always implemented; critical areas are vulnerable to key-timing attacks

In my most superficial of reviews, constant-time comparison appears to not be globally implemented at a glance, only implemented within the ref10 implementation. With that said, the following areas either appear to be vulnerable, or are potentially vulnerable, to key-timing attacks: 1. Containers...

AI score 2.1
Exploits: 0

OpenVAS
added 2018/06/05 12:0 a.m., 34 views

Ubuntu: Security Advisory (USN-3664-1)

The remote host is missing an update for the...

CVSS 7.8, AI score 7.7, EPSS 0.00389
Exploits: 0, References: 2

Ubuntu
added 2018/06/04 4:39 p.m., 43 views

USN-3664-2: Apport vulnerability

USN-3664-1 fixed a vulnerability in Apport. Sander Bos reported that Ubuntu 14.04 LTS was also vulnerable to this issue, but was incorrectly omitted from the previous updates. This update provides the corresponding update for Ubuntu 14.04 LTS. Original advisory details: Sander Bos discovered that...

CVSS 7.8, AI score 7.2, EPSS 0.00389
Exploits: 0

CVE
added 2018/05/31 10:0 p.m., 113 views

CVE-2018-6552

CVE-2018-6552 affects the Ubuntu Apport component. The vulnerability arises when Apport handles crashes originating from a PID namespace; if /proc// is missing, the code may forward the crash using the container’s pid in the global namespace. This can allow a local attacker to cause a denial of s...

CVSS 7.8, AI score 7.5, EPSS 0.00389
Exploits: 0, References: 2, Affected Software: 1

Tenable Nessus
added 2018/05/31 12:0 a.m., 36 views

Ubuntu 16.04 LTS / 18.04 LTS : Apport vulnerability (USN-3664-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3664-1 advisory. Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this...

CVSS 7.8, AI score 7.3, EPSS 0.00389
Exploits: 0, References: 2

UbuntuCve
added 2018/05/30 6:0 p.m., 29 views

CVE-2018-6552

Apport does not properly handle crashes originating from a PID namespace, allowing local users to create certain files as root, which an attacker could leverage to perform a denial of service via resource exhaustion, possibly gain root privileges, or escape from containers. The is_same_ns() function...

CVSS 7.8, AI score 7, EPSS 0.00389
Exploits: 0, References: 4

Ubuntu
added 2018/05/30 5:13 p.m., 48 views

USN-3664-1: Apport vulnerability

Sander Bos discovered that Apport incorrectly handled core dumps when certain files are missing from /proc. A local attacker could possibly use this issue to cause a denial of service, gain root privileges, or escape from containers...

CVSS 7.8, AI score 7.3, EPSS 0.00389
Exploits: 0

n0where
added 2018/05/24 8:12 p.m., 35 views

Open Source Deception Framework: DejaVU

Deception techniques, if deployed well, can be very effective for organizations to improve network defense and can be a useful arsenal for blue teams to detect attacks at a very early stage of the cyber kill chain. But the challenge we have seen is deploying, managing and administering decoys across larg...

AI score 0.1
Exploits: 0, References: 1