cyberITcafe

spotlight with Rich (Latayan360@Outlook.com) - espresso to Security Business Leadership - splash of key note speaker | Opinions are my own! @CISOmd

Saturday, February 16, 2019

RunC Container Runtime Security Flaw Targets Kubernetes, Docker

Container runtime RunC fro Docker,Kubernetes and other container dependent programs is exploitable via attacker gaining access to the host. The open-source command-line tool is used for spawning and running containers. CVE-2019-5736

Now being reported in some Azure and AWS environments...

https://content.pivotal.io/blog/runc-vulnerability-secure-by-default-platform

https://www.bleepingcomputer.com/news/security/runc-vulnerability-gives-attackers-root-access-on-docker-kubernetes-hosts/

https://www.zdnet.com/article/doomsday-docker-security-hole-uncovered/

https://www.crn.com/news/security/new-security-flaw-targets-kubernetes-docker-runc-container-runtime

https://www.openwall.com/lists/oss-security/2019/02/11/2

on February 16, 2019

Email This BlogThis!Share to Twitter Share to Facebook Share to Pinterest

No comments:

Post a Comment

Newer Post Older Post Home

Subscribe to: Post Comments (Atom)

Links

TWEETS - Follow the Data
Co-Chair Evanta Florida CISO
Speaker HMG Strategy
Speaker - IDC | CIO | CSO
SecureWorld Phishing Moderator
4th Annual Cyber Risk Panelist
Cyber Threat Count

Promote and Protect

Cyberitcafe

View my complete profile

Blog Archive

► 2024 (13)
- ► September (3)
- ► August (7)
- ► July (3)

► 2021 (4)
- ► May (1)
- ► February (1)
- ► January (2)

► 2020 (9)
- ► December (4)
- ► November (2)
- ► April (1)
- ► March (1)
- ► February (1)

▼ 2019 (4)
- ► December (1)
- ► April (1)
- ▼ February (1)
  - RunC Container Runtime Security Flaw Targets Kuber...
- ► January (1)

► 2018 (8)
- ► December (1)
- ► November (1)
- ► September (1)
- ► August (1)
- ► July (1)
- ► June (2)
- ► January (1)

► 2017 (23)
- ► December (1)
- ► November (2)
- ► October (1)
- ► September (3)
- ► August (2)
- ► July (1)
- ► May (1)
- ► April (1)
- ► March (2)
- ► February (6)
- ► January (3)

► 2016 (58)
- ► December (5)
- ► October (1)
- ► September (1)
- ► August (1)
- ► July (1)
- ► June (3)
- ► May (8)
- ► April (4)
- ► March (11)
- ► February (7)
- ► January (16)

► 2015 (66)
- ► December (15)
- ► November (23)
- ► October (21)
- ► September (7)

► 2009 (30)
- ► November (1)
- ► October (1)
- ► September (1)
- ► August (1)
- ► July (2)
- ► June (6)
- ► May (11)
- ► April (7)

Report Abuse

Subscribe To

Posts

Posts

Comments

Comments

Search This Blog

Home

Surge in phishing threat - Is evolution just beginning?

Popular Posts

Synopsis of IIA’s Managers Forum on IT Security

With good presenters and maybe over half of the 70+ registered in attendance, the focus centered on cyber security, CEO/executive concerns o...
Cloud Computing security

Systems were once considered secure yet no matter how secure you think you are one day, it gets less secure each day (with new vulnerabilit...
Refreshing Breach Notification - Legislation

About 33 states in 2015 introduced bill updates / addendums for security breach notifications to include reporting to attorney general or si...

Awesome Inc. theme. Powered by Blogger.