Posts by

Race Conditions – Cloudy with a Chance of R/W Access
May 28, 2019
Docker Race Condition: CVE-2018-15664 Today, Aleksa Sarai published a Docker vulnerability, CVE-2018-15664, on the oss-sec mailing list. It turns out that a function inside Docker facilitates a TOCTOU bug (more on that below) which could allow someone malicious inside a container to gain arbitrary read/write file access on the host with root privileges (not […]
A Buffer Buffet for Data Sampling
May 15, 2019
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Yesterday, three data sampling side channel vulnerabilities were disclosed in Intel CPUs by a whole bunch of smart researchers. Intel is calling them “microarchitectural data sampling” (MDS) bugs, but they’re colloquially known as ZombieLoad (CVE-2019-1109 & CVE-2018-12130), RIDL aka “Rogue In-flight Data Load” (CVE-2018-12130), and Fallout (CVE-2018-12126) — plus there was […]
Linux Security Fun With Webhooks
May 15, 2019
At Capsule8, we want to let you work the way you prefer working rather than forcing new workflows on you. To realize this philosophy, we designed Capsule8 to be super flexible and let users consume alert data in familiar ways — such as through the use of webhooks. Since REST APIs are the lifeblood of […]
The Methods to our Madness: How Capsule8’s Detection Methods Work
May 1, 2019
One of the best weapons in defending against attackers is speed. The ability to detect an attacker’s attempts as soon as they happen, and in turn shut them down before they take hold, is the best way to reduce any potential damage. Our detection strategies at Capsule8 are built to look for Indicators of Attack […]