CyberArk (NASDAQ: CYBR), the global leader in privileged access security, today unveiled new research from CyberArk Labs demonstrating how attackers can manipulate container defense-in-depth strategies to gain access to an organization’s most valuable assets.
The report is the latest in a series of comprehensive CyberArk Labs research reports examining how cyber attackers can utilize existing vulnerabilities to circumvent container security and take advantage of DevOps environments.
The blog, “The Route to Root: Container Escape Using Kernel Exploitation,” describes how known kernel vulnerabilities can be weaponized in container environments allowing an attacker to escape to the host. The research found that Linux security controls like seccomp and namespaces generally provide good security, limiting the attacker’s ability to escape. However, in cases where the host kernel is vulnerable, those security controls may be further manipulated by weaponizing existing exploits to eventually escape the container to the host.
CyberArk PR Here