Security News > 2020 > February > Docker Registries Expose Hundreds of Orgs to Malware, Data Theft
"Although setting up a Docker registry server is straightforward, securing the communication and enforcing the access control requires extra configurations," the company said in a posting on Friday, explaining that researchers found the exposed registries via Shodan and Censys searches.
As the security firm explained, Docker registries are essentially cloud servers, which are used to store and organize Docker images.
In all, the research identified 941 Docker registries exposed to the internet and 117 registries accessible without authentication.
Docker registries allow the enablement management of images - users can "Pull" images; "Push" them; or delete them.
Out of the 117 unsecured registries uncovered by Palo Alto, 80 of them allowed the pull operation, 92 registries allowed the push operation and seven registries allowed the delete operation.
News URL
https://threatpost.com/docker-registries-malware-data-theft/152734/