Manoj Ahuje
New Container Exploit: Rooting Non-Root Containers with CVE-2023-2640 and CVE-2023-32629, aka GameOver(lay)
Two new privilege escalation CVEs, CVE-2023-2640 and CVE-2023-32629, have been discovered in the Ubuntu kernel OverlayFS module. The CVEs affect not only any Ubuntu hosts running with vulnerable kerne[…]
CrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure
CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog”[…]
DirtyCred: Opening Pandora’s Box to Current and Future Container Escapes
What Is DirtyCred? DirtyCred is a new Linux kernel exploitation technique that allows kernel Use After Free (UAF) or Double free vulnerabilities to swap a credential or file structure on the kernel he[…]
Detecting Poisoned Python Packages: CTX and PHPass
The software supply chain remains a weak link for an attacker to exploit and gain access to an organization. According to a report in 2021, supply chain attacks increased by 650%, and some of the atta[…]
CVE-2022-23648: Kubernetes Container Escape Using Containerd CRI Plugin and Mitigation
CVE-2022-23648, reported by Google’s Project Zero in November 2021, is a Kubernetes runtime vulnerability found in Containerd, a popular Kubernetes runtime. It lies in Containerd’s CRI plugin that han[…]
LemonDuck Targets Docker for Cryptomining Operations
LemonDuck, a well-known cryptomining botnet, is targeting Docker to mine cryptocurrency on Linux systems. This campaign is currently active. It runs an anonymous mining operation by the use of proxy p[…]
CVE-2022-0185: Kubernetes Container Escape Using Linux Kernel Exploit
On Jan. 18, 2022, researchers found a heap base buffer overflow flaw (CVE-2022-0185) in the Linux kernel (5.1-rc1+) function “legacy_parse_param” of filesystem context functionality, which allows an o[…]
New Docker Cryptojacking Attempts Detected Over 2021 End-of-Year Holidays
Cryptocurrency mining has become very popular among malicious actors that aim to profit by exploiting cloud attack surfaces. Exposed Docker APIs have become a common target for cryptominers to mine va[…]