Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Vulnerabilities in the public cloud.
Manage episode 303098353 series 2881647
Guest Ariel Zelivansky, Senior Manager of Security Research at Palo Alto Networks, joins Dave to discuss Unit 42's work on the first cross-account container takeover in the public cloud. The Unit 42 Threat Intelligence team has identified the first known vulnerability that could enable one user of a public cloud service to break out of their environment and execute code on environments belonging to other users in the same public cloud service. This unprecedented cross-account takeover affected Microsoft's Azure Container-as-a-Service (CaaS) platform. Researchers named the finding Azurescape because the attack started from a container escape – a technique that enables privilege escalation out of container environments.
The research can be found here:
- What You Need to Know About Azurescape
- Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
Note: Microsoft is a sponsor of the CyberWire, however, we cover them as we would any other company.
Learn more about your ad choices. Visit megaphone.fm/adchoices
340 tập
Manage episode 303098353 series 2881647
Guest Ariel Zelivansky, Senior Manager of Security Research at Palo Alto Networks, joins Dave to discuss Unit 42's work on the first cross-account container takeover in the public cloud. The Unit 42 Threat Intelligence team has identified the first known vulnerability that could enable one user of a public cloud service to break out of their environment and execute code on environments belonging to other users in the same public cloud service. This unprecedented cross-account takeover affected Microsoft's Azure Container-as-a-Service (CaaS) platform. Researchers named the finding Azurescape because the attack started from a container escape – a technique that enables privilege escalation out of container environments.
The research can be found here:
- What You Need to Know About Azurescape
- Finding Azurescape – Cross-Account Container Takeover in Azure Container Instances
Note: Microsoft is a sponsor of the CyberWire, however, we cover them as we would any other company.
Learn more about your ad choices. Visit megaphone.fm/adchoices
340 tập
Tất cả các tập
×Chào mừng bạn đến với Player FM!
Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.