OOMyPod: Nothin’ To CRI-O-bout

Gather around the fire for a story about the unlikely partnership of bugs that led to a partial container escape. While this is a fairly technical post covering some container …

Don’t Get Kicked Out! A Tale of Rootkits and Other Backdoors

Introduction When it comes to rootkits and other backdoors, everything is on the table. There exists a vulnerability that can be exploited in a system binary to gain root access? …

The Curious Case of a Kibana Compromise

The sun rose, coffee was guzzled, and fingers clicked away at keys, making it a typical day at Capsule8 HQ – until it wasn’t. As the Capsule8 team deployed one …

An Infosec Lens on the 2019 State of DevOps Report: What It Means for Us

Understanding DevOps trends is essential for infosec professionals. Before you angrily close the tab because you are tired of lectures about the need for infosec to work with DevOps, consider …

HELO, Is It Me You’re Exploiting For?

Another month, another pre-auth RCE in Exim, an open source mail server for Unix systems. This time, it’s CVE-2019-16928, a heap-based buffer overflow reported this weekend. Why it matters: If …

Major Key Alert: Data Discovery for Red Teams with an ML Tool for Keylogging

With the glut of security vendors who promise to secure to the moon and back on the star-glazed spaceship of Machine Learning (ML) technology, where is the equivalent for red …

Here’s How Capsule8 Protect Helps You Achieve HIPAA Compliance for Your Linux Production Environment

By the end of December 2018, the HHS Office for Civil Rights received notifications that a staggering 13 million healthcare records had been exposed.  Even with strict HIPAA regulations in …

(Back) Slasher: RCE Horrors in Exim

Last week, a buffer overflow vuln, deemed CVE-2019-15846, was announced in Exim that allowed remote code execution (RCE) via a trailing backslash, perhaps like a blade-wielding ghost stalking you after …

Introducing Capsule8 Investigations

This week we announced Investigations, new functionality that enables cloud users to maintain a dedicated database just for security data without the cost or burden of having to set up …