sysdig

Detecting the Kubernetes API server DoS vulnerability (CVE-2019-1002100).

Recently, a new Kubernetes related vulnerability was announced that affected the kube-apiserver. This was a denial of service vulnerability where authorized users with write permissions could overload the API server as it is handling requests. The issue is categorized as a medium severity (CVSS score of 6.5) and can be resolved by upgrading the kube-apiserver to v1.11.8, v1.12.6, or v1.13.4. In Kubernetes, the control plane on the master node consists of the API Server, the Controller Manager and Scheduler(s).
Read more

Introducing container observability with eBPF and Sysdig.

Today we’ve announced that we’ve officially added eBPF instrumentation to extend container observability with Sysdig monitoring, security and forensics solutions. eBPF – extended Berkeley Packet Filter – is a Linux-native in-kernel virtual machine that enables secure, low-overhead tracing for application performance and event observability and analysis. Don’t let the name fool you – eBPF delivers a lot more than network packet information (more on that below). Sysdig now taps into eBPF to offer the deep visibility for cloud-native and container environments – from host and network data to container processes, resource utilization, and more.
Read more

CVE-2018-18264 Privilege escalation through Kubernetes dashboard

A recently disclosed vulnerability in Kubernetes dashboard (CVE-2018-18264) exposes secrets to unauthenticated users. In this blog post we’ll explore some key takeaways regarding monitoring privilege escalation on Kubernetes. The Kubernetes dashboard is a web based user interface that allows users to manage applications and resources within the cluster. This service has a login functionality starting from Kubernetes 1.7.0. Since then, users are able to authenticate with a kubeconfig file or an access token.
Read more