Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being …
A few weeks ago we released Aqua MicroScanner, a free vulnerability scanner that you can embed into the dockerfile and automate scanning during image build.
Last week, Michael Hanselmann published details of a remote code execution vulnerability (CVE-2018-8115) that impacts Docker for Windows. As he described it: “Docker for Windows uses the Windows Host Compute Service Shim published and maintained by Microsoft. Its use of Go's “filepath.Join” function with …
.png)
In a previous post, we explored six tools for storing data for Docker containers. Another challenge in container environments is getting containers to network in a consistent and secure manner - especially as container workloads may appear on different hosts as applications scale out, then disappear when they’re …
.png)
In late 2016 we enlisted the help of security analysts and thought leaders Securosis to perform an in-depth best practices analysis of what companies should do to build a security program around containers. In the 14 months that passed, many things have evolved in the container (and now, cloud-native) ecosystem. So …
.png)
Continuous integration and continuous delivery (CI/CD) are two of the biggest trends in software development. As companies move to release higher quality software at a faster pace, developers and engineers need new approaches to building, testing, and delivering products. As a result, many companies are turning to …
This isn't a story about a Docker vulnerability; it's a story about how hackers are looking for unsecured Docker deployments where they can mine cryptocurrency. You shouldn't leave your Docker daemon unsecured any more than you would leave your mail server unsecured.
We’ve heard many accounts of attempted …
.png)
.png)
From a “humble” $762 million in 2016, containers are predicted to grow faster than any other technology this year (as well as the next) and are on the way to become a $2.7B industry by 2020.
.png)
Last week McKinsey & Company named container technology and DevOps as two of the top Ten trends redefining enterprise IT infrastructure and for good reason. No longer considered as “bleeding edge”, containers, combined with DevOps, are revolutionizing the way applications are built and deployed. In a recent survey …
In just about a week we will be live on stage at BlackHat 2017 with this tersely titled talk: Well that Escalated Quickly! How Abusing Docker API Led to Remote Code Execution Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers, and we are very excited.