FabricScape: Escaping Service Fabric and Taking over the Cluster

FabricScape (CVE-2022-30137) is a privilege escalation vulnerability of important severity in Microsoft's Service Fabric, commonly used with Azure.


@unit42.paloaltonetworks.com | 1 year ago

Container Escape to Shadow Admin: Google Kubernetes Engine (GKE) Autopilot

We disclosed several GKE Autopilot vulnerabilities and attack techniques to Google. The issues are now fixed – we provide a technical analysis.


@unit42.paloaltonetworks.com | 2 years ago

Container Escape with Linux CVE-2022-0492

CVE-2022-0492 is the third recent kernel vulnerability that allows malicious containers to escape. We offer root cause analysis and mitigations.


@unit42.paloaltonetworks.com | 2 years ago

Cross-Account Container Takeover in Azure Container Instances

Affecting Azure Container Instances, Azurescape is the first known cross-account container takeover in the public cloud.


@unit42.paloaltonetworks.com | 2 years ago

Understanding REvil: The Ransomware Gang Behind the Kaseya Attack

Ransomware cases worked by Unit 42 consultants in the first six months of 2021 reveal insights into the preferred tactics of REvil threat actors.


@unit42.paloaltonetworks.com | 2 years ago

Threat Brief: SolarStorm and Sunburst Customer Coverage

We are tracking the SolarWinds attack, SolarStorm and SUNBURST while working to ensure protections are in place for Palo Alto Networks customers.


@unit42.paloaltonetworks.com | 3 years ago

BendyBear: Novel Chinese Shellcode Linked with Cyber Espionage Group BlackTech

The novel Chinese shellcode "BendyBear" is one of the most sophisticated, well-engineered and difficult-to-detect samples employed by an APT.


@unit42.paloaltonetworks.com | 3 years ago

Threat Brief: Windows IPv4 and IPv6 Stack Vulnerabilities

We provide an overview of CVE-2021-24086, CVE-2021-24094 and CVE-2021-24074 and offer strategies for mitigation with Palo Alto Networks products.


@unit42.paloaltonetworks.com | 3 years ago

New “Hildegard” Malware Infects Kubernetes

Hildegard is a new malware campaign believed to originate from TeamTNT. It targets Kubernetes clusters and launches cryptojacking operations.


@unit42.paloaltonetworks.com | 3 years ago

Wireshark Tutorial: Examining Emotet Malware Infection Traffic

This Wireshark tutorial reviews recent Emotet activity and provides some tips on identifying this malware based on examining Emotet infection traffic.


@unit42.paloaltonetworks.com | 3 years ago

The History of DNS Vulnerabilities and the Cloud

We review the history of DNS vulnerabilities, particularly DNS cache poisoning, examining both past vulnerabilities and more advanced attacks.


@unit42.paloaltonetworks.com | 3 years ago

Summary of Unfixed Kubernetes Man-in-the-Middle Vulnerability - CVE-2020-8554

A currently unpatched, medium-severity issue affecting all Kubernetes versions, CVE-2020-8554 can be mitigated in several ways.


@unit42.paloaltonetworks.com | 3 years ago

Analysis of Kubernetes vulnerability (CVE-2020-8558)

CVE-2020-8558 exposed internal services of Kubernetes nodes. Read more details about the issue and recommendations for mitigation.


@unit42.paloaltonetworks.com | 3 years ago

Windows Server Containers Are Open, and Here’s How You Can Break Out

We demonstrate a complete technique to escalate privileges and escape Windows Server Containers.


@unit42.paloaltonetworks.com | 3 years ago

Attackers Cryptojacking Docker Images to Mine for Monero

We identified a malicious Docker Hub account that was hosting six malicious images intended to mine the cryptocurrency Monero.


@unit42.paloaltonetworks.com | 3 years ago

Rootless Containers: The Next Trend in Container Security

Rootless containers are a new concept: they do not require root privileges in order to run, but they come with some unique challenges.


@unit42.paloaltonetworks.com | 3 years ago

Unit 42 CTR: Leaked Code from Docker Registries

Unit 42's Cloud Threat Report shows how unsecured Docker registries can leak confidential data and fully compromise or interrupt businesses.


@unit42.paloaltonetworks.com | 4 years ago

What I Learned from Reverse Engineering Windows Containers

Our researcher provides an overview on containers - starting with their Linux history - and shows the different implementations of containers in Windows, how they work, the security pitfalls that may occur, as well as the internal implementation of objects that are necessary for …


@unit42.paloaltonetworks.com | 4 years ago

Docker Patched the Most Severe Copy Vulnerability to Date CVE-2019-14271

Unit 42 researchers share details on a severe Docker container breakout vulnerability and outline a proof-of-concept that demonstrates how it can be exploited if a container has been compromised by a previous attack.


@unit42.paloaltonetworks.com | 4 years ago

CryptoJacking Worm Found on Docker Hub

Unit 42 has discovered a new cryptojacking worm, which we’ve named Graboid, that has spread to more than 2,000 unsecured Docker hosts.


@unit42.paloaltonetworks.com | 4 years ago

Critical Privilege Escalation Vulnerability in Harbor (CVE-2019-16097)

Aviv Sasson, a security researcher from the cloud division of Unit 42, has identified a critical vulnerability in a widespread cloud native registry called Harbor. The vulnerability allows attackers to take over Harbor registries by sending them a malicious request. The maintaine …


@unit42.paloaltonetworks.com | 4 years ago

Making Containers More Isolated: An Overview of Sandboxed Container Technologies

Currently available container-based infrastructure has limitations because containers are not truly sandboxed and share the host OS kernel. The root of the problem is the weak separation between containers when the host OS creates a virtualized userland for each container. This b …


@unit42.paloaltonetworks.com | 4 years ago

Mac Malware Steals Cryptocurrency Exchanges’ Cookies

Palo Alto Networks’ Unit 42 recently discovered malware that we believe has been developed from OSX.DarthMiner, a malware known to target the Mac platform. This malware is capable of stealing browser cookies associated with mainstream cryptocurrency exchanges and wallet service we …


@unit42.paloaltonetworks.com | 5 years ago