What does the Kubernetes privilege escalation flaw mean
|Richard Harris in Security Tuesday, December 4, 2018|
RedHat has released CVE-2018-1002105 to help handle the recent privilege escalation flaw impacting Kubernetes that would allow users to gain full administrator access privileges to any compute node.
Bringing together powerful applications into containerized services that are open source can have their drawbacks, as recently discovered by the RedHat issued a critical Security Advisory and patches for CVE-2018-1002105, a privilege escalation flaw impacting Kubernetes.
Sumo Logic CSO, George Gerchow weighs in: "The Kubernetes vulnerability is a huge deal, even more so when you think about its scale of exposure. What makes Kubernetes great is its fundamental speed, orchestration, automation, and scale. All of those qualities become an instant detriment when a security issue arises as they rapidly extend the reach of the attack.
With that said, any well-versed security professional would expect this to happen, as emerging technology is notoriously known to treat security as an afterthought.
Looking at it from a bigger picture, this is another example of how development and security teams need to work together through DevSecOps to establish guardrails and best practices while maintaining agility. Most organizations lack visibility into the proper security and configuration of not just its containers, but the CI/CD pipeline as a whole.”
Moving forward, developers must pay close attention to uniquely identified logs by leveraging machine learning. This will help proactively identify these potential attacks as the requests appear in the kubelet or aggregated API server logs, that would otherwise be indistinguishable from correctly authorized and proxied requests via the Kubernetes API server. If developers - and digital organizations as a whole -- are not able to correctly identify bad behavior via logs, that is a major flaw."
RedHat has been quick to respond and offers an explanatory video to help understand the flaw, which in short, would allow any user to gain full administrator privileges on any compute node being run in a Kubernetes pod.
Read more: https://access.redhat.com/security/cve/cve-2018-10...
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
The Chirp GPS app is a top-ranked location sharing app available for Apple and Android that is super easy to use, and most of all, it's reliable.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.