HELO, Is It Me You’re Exploiting For?

Another month, another pre-auth RCE in Exim, an open source mail server for Unix systems. This time, it’s CVE-2019-16928, a heap-based buffer overflow reported this weekend. Why it matters: If …

Major Key Alert: Data Discovery for Red Teams with an ML Tool for Keylogging

With the glut of security vendors who promise to secure to the moon and back on the star-glazed spaceship of Machine Learning (ML) technology, where is the equivalent for red …

Here’s How Capsule8 Protect Helps You Achieve HIPAA Compliance for Your Linux Production Environment

By the end of December 2018, the HHS Office for Civil Rights received notifications that a staggering 13 million healthcare records had been exposed. Even with strict HIPAA regulations in …

(Back) Slasher: RCE Horrors in Exim

Last week, a buffer overflow vulnerability, designated CVE-2019-15846, was announced in Exim that allowed remote code execution (RCE) via a trailing backslash, perhaps like a blade-wielding ghost stalking you after …

Introducing Capsule8 Investigations

This week we announced Investigations, new functionality that enables cloud users to maintain a dedicated database just for security data without the cost or burden of having to set up …

Off to the PTraces

Yesterday, a privilege escalation bug in the ptrace syscall was made public by Jann Horn at Project Zero, designated CVE-2019-13272. The culprit was broken permission and object lifetime handling by …

How Security Teams Can Learn to Stop Worrying and Love the OODA Loop

A well-loved military operational strategy is the OODA loop, a learning cycle that helps the operator gain an advantage against their opponent by responding with greater agility to unfolding events. …

Customer Interview: Looker

With over 1700 industry-leading and innovative companies such as Sony, Amazon, IBM, Spotify, Etsy and Lyft trusting Looker’s data platform, Looker takes security seriously. The Looker Security Operations team, managed …

Escaping like a Rocket via rkt enter

Last week, a researcher disclosed three vulnerabilities in rkt, CVE-2019-10144, CVE-2019-10145, and CVE-2019-10147, that let an attacker escape the container. rkt is an open source container runtime created by CoreOS …