Security News
Container security company Prevasio has analyzed 4 million public Docker container images hosted on Docker Hub and found that over half of them had critical vulnerabilities and thousands of images included malicious or potentially harmful elements. The cybersecurity firm used its Prevasio Analyzer service to analyze all the container images on Docker Hub, the largest library and community for container images.
Researchers first discovered Xanthe targeting a honeypot, which they created with the aim of discovering Docker threats. Misconfigured Docker servers are another way that Xanthe spreads.
Canonical, the publisher of the Ubuntu Linux distribution, announced on Tuesday that it has made available long-term support container images on Docker Hub, promising up to 10 years of security maintenance. Some of these hardened images have a five-year free security maintenance period - the standard security maintenance of the underlying Ubuntu LTS - while customers of Ubuntu Pro are provided access to ten-year Extended Security Maintenance images.
Docker Enterprise Container Cloud offers enterprises unprecedented speed to ship code faster on public clouds and on premise infrastructure. "Docker Enterprise Container Cloud and Lens will enable businesses to streamline delivery of hundreds of daily deployments across thousands of apps, overcoming the complexity of Kubernetes development at enterprise scale," said Mirantis customer Don Bauer, Docker Captain and VP Technology Services / DevOps Manager.
A fresh Linux backdoor called Doki is infesting Docker servers in the cloud, researchers warn, employing a brand-new technique: Using a blockchain wallet for generating command-and-control domain names. The campaign starts with an increasingly common attack vector: The compromise of misconfigured Docker API ports.
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.
With Docker gaining popularity as a service to package and deploy software applications, malicious actors are taking advantage of the opportunity to target exposed API endpoints and craft malware-infested images to facilitate distributed denial-of-service attacks and mine cryptocurrencies. According to a report published by Palo Alto Networks' Unit 42 threat intelligence team, the purpose of these Docker images is to generate funds by deploying a cryptocurrency miner using Docker containers and leveraging the Docker Hub repository to distribute these images.
The distributed denial-of-service botnets named XORDDoS and Kaiji recently started targeting exposed Docker servers, Trend Micro warned on Monday. Trend Micro has recently spotted variants that also target Docker servers.
Docker has fixed a vulnerability that could have allowed an attacker to gain control of a Windows system using its service. The bug, discovered by Ceri Coburn, a researcher at security consultancy Pen Test Partners, exposed Docker for Windows to privilege elevation.