Apparently one of the topics […] at […], held in month […] (lol). In months […], there were […] tens of detections.
References
Confirmed: attacks that abuse misconfigured Docker containers to spread cryptocurrency-mining malware
https://blog.trendmicro.co.jp/archives/19773
Well That Escalated Quickly! How Abusing Docker API Led to Remote Code Execution, Same Origin Bypass and Persistence in the Hypervisor via Shadow Containers
https://www.blackhat.com/docs/us-17/thursday/us-17-Cherny-Well-That-Escalated-Quickly-How-Abusing-The-Docker-API-Led-To-Remote-Code-Execution-Same-Origin-Bypass-And-Persistence.pdf
https://twitter.com/morihi_soc/status/1015530623279120384
Personally, I had long thought this was a vulnerability already known to SOC analysts, WordPress administrators, web server administrators, and honeypotters. My own logs show traces in month […].
References
Thousands of applications affected by a zero-day issue in jQuery File Upload plugin
https://securityaffairs.co/wordpress/77245/hacking/jquery-file-upload-plugin-0day.html
Having The Security Rug Pulled Out From Under You
https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html