Security News
Google Protected Computing: Ensuring privacy and safety of data regardless of locationIn this Help Net Security interview, Royal Hansen, VP of Engineering for Privacy, Safety, and Security at Google, talks about Protected Computing, the impact of data protection regulations, and privacy in general. Researchers find hidden vulnerabilities in hundreds of Docker containersRezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools.
Rezilion uncovered the presence of hundreds of Docker container images containing vulnerabilities that are not detected by most standard vulnerability scanners and SCA tools. The research revealed numerous high-severity/critical vulnerabilities hidden in hundreds of popular container images, downloaded billions of times collectively.
Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors. Docker Hub is a cloud-based container library allowing people to freely search and download Docker images or upload their creations to the public library or personal repositories.
A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency. Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Docker and Kubernetes instances.
Malicious actors such as Kinsing are taking advantage of both recently disclosed and older security flaws in Oracle WebLogic Server to deliver cryptocurrency-mining malware. The Kinsing actors have also been involved in campaigns against container environments via misconfigured open Docker Daemon API ports to launch a crypto miner and subsequently spread the malware to other containers and hosts.
One of the many reasons why this is so is because of the tool's flexibility, and a perfect illustration of that is the ability to deploy your very own Bitwarden server using Docker. Why would you want to deploy your own Bitwarden server? You might have incredibly sensitive information that you only entrust to your internal teams.
One such platform is Odoo, which happens to be one of the most popular open-source ERP solutions on the market. The only thing you'll need to deploy Odoo is a running server that supports Docker.
For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that "Tens of thousands of user tokens" are exposed through the Travis CI API that offer access to more than 770 million logs with various types of credentials belonging to free tier users.
The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. The hacking group targets exposed Docker Engine API endpoints and Redis servers and can quickly pivot from one compromised machine to the entire network.
How to create a Docker secret and use it to deploy a service. I'm going to show you how to create a secret with Docker and then how to use it to deploy a Docker service.