fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Fixes Bug Letting Hackers Take Over Azure Containers

Microsoft Fixes Bug Letting Hackers Take Over Azure Containers

Microsoft has fixed a vulnerability in Azure Container Instances called Azurescape that allowed a malicious container to take over containers belonging to other customers on the platform.

An adversary exploiting Azurescape could execute commands in the other users’ containers and gain access to all their data deployed to the platform, the researchers say.

Customer data at risk

Microsoft has notified customers that were potentially impacted by Azurescape to change privileged credentials for containers deployed to the platform before August 31

The company says that it sent the alerts out of an abundance of caution because it found no indication of an attack that leveraged the vulnerability to access customer data.

“If you did not receive a Service Health Notification, no action is required. The vulnerability is fixed and our investigation surfaced no unauthorized access in other clusters” – Microsoft

Microsoft’s Azure Container Instances (ACI) is a cloud-based service that allows companies to deploy packaged applications (containers) on the cloud.

Also Read: EU GDPR Articles: Key For Business Security And Success

For those not familiar with containers, they have all the executables, dependencies, and files necessary to run a particular application, but are stored in a single package for easy distribution and deployment.

When containers are deployed, ACI will isolate them from other running containers to prevent them from sharing memory space and interacting with each other.

Container isolation in Azure Container Instances
Container isolation – source: Palo Alto Networks

Blame it on outdated code

Researchers at Palo Alto Networks found and reported Azurescape to Microsoft. In a report today, the company’s Yuval Avrahami provides technical details about the vulnerability, noting that it “allowed malicious users to compromise the multitenant Kubernetes clusters hosting ACI.”

Avrahami says that finding the issue started when with finding that ACI used code released almost five years ago, that was vulnerable to container escaping bugs.

Outdated container runtime used in ACI
Outdated container runtime used in ACI – source Palo Alto Networks

“RunC v1.0.0-rc2 was released on Oct. 1, 2016, and was vulnerable to at least two container breakout CVEs. Back in 2019, we analyzed one of these vulnerabilities, CVE-2019-5736,“ the researcher explains.

Exploiting CVE-2019-5736 was sufficient to break out of the container and get code execution with elevated privileges on the underlying host, a Kubernetes node.

The researcher summarized the next steps for getting unauthorized access to other containers as follows:

  • On the node, monitor traffic on the Kubelet port, port 10250, and wait for a request that includes a JWT token in the Authorization header
  • Issue az container exec to run a command on the uploaded container. The bridge pod will now send an exec request to the Kubelet on the compromised node
  • On the node, extract the bridge token from the request’s Authorization header and use it to pop a shell on the API-server.

To demonstrate the attack, Palo Alto Networks published a video showing how an attacker could have broken out of their container to get administrator privileges for the entire cluster.

Also Read: 7 Simple Tips On How To Create A Good Business Card Data

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us