Security News

Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
2023-11-14 11:54

Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service botnet dubbed OracleIV. "Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv latest' and containing Python malware compiled as an ELF executable," Cado researchers Nate Bill and Matt Muir said. The malicious activity starts with attackers using an HTTP POST request to Docker's API to retrieve a malicious image from Docker Hub, which, in turn, runs a command to retrieve a shell script from a command-and-control server.

How to Create and Use a Docker Secret From a File (+Video)
2023-09-19 13:57

In this step-by-step tutorial, learn how to create and use a Docker secret to help keep your data secure. I will show how to create a secret from a file and then use that secret to deploy a service.

Thousands of images on Docker Hub leak auth secrets, private keys
2023-07-16 14:09

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software,...

How to add the Docker Scout feature to the Docker CLI
2023-07-03 13:38

In this TechRepublic How to Make Tech Work tutorial, Jack Wallen shows you how to add the Docker Scout feature to the Docker CLI. You might have heard of Docker Scout, which is an image analyzer that ships with Docker Desktop. This tool makes it easy for developers to view vulnerabilities found in Docker images.

How to scan container images with Docker Scout
2023-05-18 11:00

Docker will soon be rolling out a new feature, called Docker Scout, that makes it really easy to scan your local images for vulnerabilities as well as understand application dependencies. Let me show you how easy it is to scan an image for vulnerabilities with this new feature.

Week in review: ChatGPT and cybersecurity, hidden vulnerabilities in Docker containers
2023-02-26 09:30

Google Protected Computing: Ensuring privacy and safety of data regardless of location
In this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general.

Researchers find hidden vulnerabilities in hundreds of Docker containers
Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.

Researchers find hidden vulnerabilities in hundreds of Docker containers
2023-02-23 11:00

Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools. The research revealed numerous high-severity/critical vulnerabilities hidden in hundreds of popular container images, downloaded billions of times collectively.

Docker Hub repositories hide over 1,650 malicious containers
2022-11-24 17:16

Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors. Docker Hub is a cloud-based container library allowing people to freely search and download Docker images or upload their creations to the public library or personal repositories.

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances
2022-10-27 07:55

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Docker and Kubernetes instances.

Hackers Targeting WebLogic Servers and Docker APIs for Mining Cryptocurrencies
2022-09-16 10:58

Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts.