Five Easy Steps to Keep on Your Organization’s DevOps Security Checklist
- by nlqip
The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction” it subsequently allows attackers to gain root-level code execution on the host.
Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a single, simple rule: lock the door. Studies have shown an increasing number of publicly accessible, containerized environments that require no credentials. That means anyone – maybe you, maybe me – could gain control and deploy the appropriate malicious container required to gain root-level access.
Read the full article published March 5, 2019 here: https://www.tripwire.com/state-of-security/devops/devops-security-checklist/ by Tripwire, Inc.
Source link
lol
The discovery of a significant container-based (runc) exploit sent shudders across the Internet. Exploitation of CVE-2019-5736 can be achieved with “minimal user interaction” it subsequently allows attackers to gain root-level code execution on the host. Scary, to be sure. Scarier, however, is that the minimal user interaction was made easier by failure to follow a…
Recent Posts
- Eight Key Takeaways From Kyndryl’s First Investor Day
- QNAP pulls buggy QTS firmware causing widespread NAS issues
- N-able Exec: ‘Cybersecurity And Compliance Are A Team Sport’
- Hackers breach US firm over Wi-Fi from Russia in ‘Nearest Neighbor Attack’
- Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs