AWS Issues Alert for Multiple Container Systems

Kacy Zurkus | February 11, 2019

AWS Issues Alert for Multiple Container Systems
A security issue that affects several open source container management systems, including Amazon Linux and Amazon Elastic Container Service, has been disclosed by AWS. The vulnerabilities (CVE-2019-5736) were reportedly discovered by security researchers Adam Iwaniuk, Borys Poplawski and Aleksa Sarai and would allow an attacker with minimal user interaction to “overwrite the host runc binary and thus gain root-level code execution on the host.” Also among the affected AWS containers are the service for Kubernetes (Amazon EKS), Fargate, IoT Greengrass, Batch, Elastic Beanstalk, Cloud 9, SageMaker, RoboMaker and Deep Learning AMI. In its security issue notice published 11 February, AWS said that no customer action is required for those containers not on the list. Though blocked when correctly using user namespaces, the vulnerability is not blocked by the default AppArmor policy or the default SELinux policy of Fedora [++], according to Sarai. A common type of container exploit, this vulnerability is known as a host breakout attack, according to Praveen Jain, chief technology officer at Cavirin. “That these still occur, and will continue to occur, is all the more reason to ensure you have the people, processes and technical controls in place to identify and immediately remediate these types of vulnerabilities with a goal of securing their cyber posture.” If malicious actors were to leverage this vulnerability, Sarai said they could create a new container using attacker-controlled images or attach to an existing container to which the attacker had previous write access. “This is the first major container vulnerability we have seen in a while and it further enforces the need for visibility of your hosts and containers both in the cloud and traditional data centers using docker and other containers,” said Dan Hubbard, chief product officer at Lacework.

Spotlight

With its Digital Software & Solutions Group (DS&S), TCS has started a bold new venture to embrace the needs of large enterprises struggling with the new worlds of digital transformation and customer intelligence in the post-PC era.


Other News

AI APPLICATIONS

Enterprise AI platform Dataiku launches managed service for smaller companies

Dataiku | June 15, 2021

Dataiku is going downstream with a new product today called Dataiku Online. As the name suggests, Dataiku Online is a fully managed version of Dataiku. It lets you take advantage of the data science platform without going through a complicated setup process that involves a system administrator and your own infrastructure. If you’re not familiar with Dataiku, the platform lets you turn raw data into advanced analytics, run some data visualization tasks, create data-backed dashboards and train machine learning models. In particular, Dataiku can be used by data scientists, but also business analysts and less technical people. The company has been mostly focus...

Read More

AI TECH

Tech Mahindra and Subex Partner to Drive Scale Adoption of Blockchain-based Solutions for Telecom Operators Globally

Subex | November 05, 2020

To enable fraud mitigation and drive operational efficiencies for communication service providers by reducing compliance complexities and faster time-to-market 5th November 2020, BENGALURU, INDIA – Tech Mahindra, a leading provider of digital transformation, consulting, and business re-engineering services and solutions, and Subex, an industry leader in providing services based on Digital Trust, have announced strategic partnership to roll-out blockchain based solutions for telecom operators globally. These solutions will enable fraud mitigation and drive operational efficiencies for communication service providers (CSP) by reducing compliance complexities and faster tim...

Read More

Google Cloud and STS to Automate U.S. Navy Maintenance Inspections Using AI and ML Technology

Prnewswire | August 28, 2020

Google Cloud and Simple Technology Solutions (STS)—a Google Cloud partner and small business specializing in multi-cloud solutions for the federal government—today announced they are working with the U.S. Navy to modernize the maintenance and repairs inspection process for Navy vessels and facilities. STS will use Google Cloud artificial intelligence (AI) and machine learning (ML) technologies on inspection drone-captured images to detect, prioritize, and predict its maintenance needs. The work was awarded to STS as a Phase I Small Business Innovation Research project due to the technology innovation and potential for commercialization....

Read More

THE BEST UPWORK AGENCY – THE FOURTH AWARD

MobiDev | July 24, 2020

This year MobiDev won the fourth award as Upwork’s Best Agency in Ukraine. The first place in the Web, Mobile & Software Development category is ours for the fourth year in a row. Although this year, the Upwork Ukraine Awards Ceremony took place online in Zoom, that didn’t stop us from attending it.We are proud to keep the leading position and to justify the confidence of our clients for many years. Without such an awesome team none of this would have been possible. Thank you, guys! Alone we could do so little, together we are capable of so much....

Read More

Spotlight

With its Digital Software & Solutions Group (DS&S), TCS has started a bold new venture to embrace the needs of large enterprises struggling with the new worlds of digital transformation and customer intelligence in the post-PC era.

Resources

Events