Threat Research Archives

How to mitigate kubelet’s CVE-2021-25741: Symlink exchange can allow host filesystem access

CVE-2021-25741 is a new vulnerability discovered in Kubernetes that allows users to create a container with subpath volume mounts to…

September 24, 2021 by Alberto Pellitteri

THREAT ALERT: Crypto miner attack – Sysrv-Hello Botnet targeting WordPress pods

The Sysdig Security Research team has identified a Cryptominer attack hitting a Kubernetes pod running WordPress, related to the recent…

August 26, 2021 by Stefano Chierici

How to mitigate CVE-2021-33909 Sequoia with Falco – Linux filesystem privilege escalation vulnerability

The CVE-2021-33909, named Sequoia, is a new privilege escalation vulnerability that affects Linux’s file system. It was disclosed in July,…

July 28, 2021 by Alberto Pellitteri

Detecting new crypto mining attack targeting Kubeflow and TensorFlow

Microsoft has discovered a new large-scale attack targeting Kubeflow instances to deploy malicious TensorFlow pods, using them to mine Monero…

June 30, 2021 by Stefano Chierici

Detecting and Mitigating CVE-2021-25737: EndpointSlice validation enables host network hijack

The CVE-2021-25737 low-level vulnerability has been found in Kubernetes kube-apiserver where an authorized user could redirect pod traffic to private…

May 24, 2021 by Stefano Chierici

Exploiting and detecting CVE-2021-25735: Kubernetes validating admission webhook bypass

The CVE-2021-25735 medium-level vulnerability has been found in Kubernetes kube-apiserver that could bypass a Validating Admission Webhook and allow unauthorised…

April 28, 2021 by Stefano Chierici

Mitigating CVE-2021-20291: DoS affecting CRI-O and Podman

The CVE-2021-20291 medium-level vulnerability has been found in containers/storage Go library, leading to Denial of Service (DoS) when vulnerable container…

April 16, 2021 by Stefano Chierici

Detecting and mitigating Apache Unomi’s CVE-2020-13942 – Remote Code Execution (RCE)

CVE-2020-13942 is a critical vulnerability that affects the Apache open source application Unomi, and allows a remote attacker to execute…

March 10, 2021 by Stefano Chierici

How to detect sudo’s CVE-2021-3156 using Falco

A recent privilege escalation heap overflow vulnerability (CVSS 7.8), CVE-2021-3156, has been found in sudo. sudo is a powerful utility…

January 28, 2021 by Stefano Chierici

THREAT ALERT: Crypto miner attack involving RinBot’s server, a popular Discord bot

The Sysdig Security Research team has identified crypto mining activities coming from the server hosting the popular RinBot Discord bot….

January 27, 2021 by Kaizhe Huang

Detect CVE-2020-8554 using Falco

CVE-2020-8554 is a vulnerability that particularly affects multi-tenant Kubernetes clusters. If a potential attacker can create or edit services and…

December 23, 2020 by Kaizhe Huang

<img class="h-8 md:h-10 lg:h-12 mb-0 mr-2 lg:mr-3" src="https://sysdig.com/wp-content/uploads/icon-forensics.svg">Threat Research

Topics

Threat Research