Aqua 3.2: Preventing Container Breakouts with Dynamic System Call Profiling

Recently, IBM researchers weighed in on container isolation, having developed an algorithm for measuring how well it works, and reached the conclusion that "a Docker container with a well crafted […]

Bugs Gone Wild: Container (Stack) Clash and CVE-2017-1000253

A “Stack Clash” is a vulnerability in the memory management of several operating systems, including Linux. It can be exploited by attackers to corrupt memory of a privileged process in order to […]

DockerCon 2017: Moby, LinuxKit, Linux Containers on Windows, and More

Last week I attended DockerCon along with many of my colleagues at Aqua. It was a great event, with over 5,000 attendees, making it the biggest DockerCon ever. Also, this year 20% of attendees[…]

CVE-2016-9962: Run Container Run

RunC Like the Wind

Recently, an interesting vulnerability was discovered (CVE-2016-9962) that enables container escape to the host. The vulnerability stems from a bug found in opencontainers' runc[…]

Cisco CloudCenter Orchestrator Docker Privilege Escalation Vulnerability Explained

Cisco announced a few days ago that it discovered and fixed a critical vulnerability in its CloudCenter Orchestrator, whereby a misconfiguration caused the Docker Engine management port to be[…]

Dirty COW Vulnerability: Impact on Containers

There has been plenty of buzz lately regarding an old-new privilege escalation vulnerability, adorably named “Dirty COW” after the Copy-On-Write memory protection in the Linux kernel. The whole[…]
