Taking the Elevator down to ring 0
Malware Analysis, News and Indicators - Latest topics malware.news
Executive Summary
The Black Lotus Labs team has discovered a highly unique piece of malware designed to compromise the security of the extended Berkeley Packet Filter (eBPF) functionality in the Linux kernel of container-based operating systems, like CoreOS. eBPF is a programmable framework that allows users to run code within the kernel of Linux systems, without having to write a kernel-specific module. Named “Elevator” by the malware author, it was created to escape the security restrictions of containers and allow …