Earlier today, CVE-2019-5736 was announced regarding a runC container breakout. Given the high CVSS rating of 7.2, it is imperative to quickly patch your systems.

A Docker image contains an application and all its dependencies. As it also contains the numerous binaries and libraries of an OS, it’s important to make sure no vulnerabilities exist in its root filesystem, or at least no critical or major ones. Scanning an image within a CI/CD pipeline can ensure this additional level of security.

A recently disclosed vulnerability in Kubernetes dashboard (CVE-2018-18264) exposes secrets to unauthenticated users. In this blog post we’ll explore some key takeaways regarding monitoring privilege escalation on Kubernetes.

This blog describes how Rancher and its managed kubernetes clusters can be affected by the recent announcement detailing the vulnerabilities of the proxying external IPs and dashboard.

Today we are announcing the release of StackStorm v2.9.2 and StackStorm v2.10.1. Those two patch releases fix a security issue which has been reported to us this week by one of our users (Alexandre Juma – thanks!).

It finally happened. At the start of DockerCon Europe and a week before KubeCon was set to take place in the U.S., researchers discovered the first major vulnerability within Kubernetes, the popular cloud container orchestration system.

Darren Shepherd, Rancher co-founder and Chief Architect, describes the Kubernetes critical CVE issue he discovered, how it came to a resolution, and what it says about the Kubernetes open-source community.

In the past few days, a new vulnerability was disclosed in a widely used component – jQuery File Upload plugin. A change in Apache’s Web Server security setting handling, exposed users of this plugin to an unrestricted file upload flaw. Let’s dig in on how to detect jQuery File Upload vulnerability (CVE-2018-9206) using Falco.

Reports have recently surfaced about Spectre and Meltdown vulnerabilities in most modern computer systems. These so-called side-channel attacks can allow one program (e.g. a browser) to infer and even read data used by the CPU to execute another program… even a more privileged one. These vulnerabilities affect phones, ​tablets, ​desktops, servers, and cloud computing services.

Most likely you have heard about Spectre and Meltdown by now. It’s all over the news. As an IT or DevOps engineer, it’s now your job to patch your EC2 instance operating systems. This task can be “fun” if you need to SSH/RDP into every EC2 instance and apply patches. Or, it can be truly fun if you decide to use AWS Systems Manager to apply patches to your OS.