Docker Registries Expose Hundreds of Orgs to Malware, Data Theft

2020-02-10 16:25

"Although setting up a Docker registry server is straightforward, securing the communication and enforcing the access control requires extra configurations," the company said in a posting on Friday, explaining that researchers found the exposed registries via Shodan and Censys searches.

As the security firm explained, Docker registries are essentially cloud servers, which are used to store and organize Docker images.

In all, the research identified 941 Docker registries exposed to the internet and 117 registries accessible without authentication.

Docker registries allow the enablement management of images - users can "Pull" images; "Push" them; or delete them.

Out of the 117 unsecured registries uncovered by Palo Alto, 80 of them allowed the pull operation, 92 registries allowed the push operation and seven registries allowed the delete operation.

News URL

https://threatpost.com/docker-registries-malware-data-theft/152734/

#malware #docker

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Docker		24	3	26	28	16	73

News URL

Related news

Related vendor