Security News
Docker has fixed a vulnerability that could have allowed an attacker to gain control of a Windows system using its service. The bug, discovered by Ceri Coburn, a researcher at security consultancy Pen Test Partners, exposed Docker for Windows to privilege elevation.
Akamai security researcher Larry Cashdollar set up the Docker image to see what kind of notice it might attract from the wider web's cadre of cyberattackers. Accordingly, the Docker image soon came under fire, as outlined in a Wednesday analysis.
The Docker cloud containerization technology is under fire, with an organized, self-propagating cryptomining campaign targeting misconfigured open Docker Daemon API ports. The attack pattern starts with the attackers identifying a misconfigured Docker API port that has been left open to the public internet.
Cloud security company Rezilion has analyzed some of the most popular Docker container images and determined that while they include many vulnerabilities, less than half of these flaws pose an actual risk. Rezilion's researchers have analyzed 20 of the most popular container images hosted on DockerHub, the largest library and community for container images.
Thousands of code repositories were found exposed in over one hundred Docker registries that are accessible from the Internet without authentication, Palo Alto Networks reports. Docker registries are servers where Docker images are stored and organized into repositories, with each repo containing images of one application and multiple versions of the application, each with a unique tag.
"Although setting up a Docker registry server is straightforward, securing the communication and enforcing the access control requires extra configurations," the company said in a posting on Friday, explaining that researchers found the exposed registries via Shodan and Censys searches. As the security firm explained, Docker registries are essentially cloud servers, which are used to store and organize Docker images.
Learn how to avoid saving your Docker login credentials in plain text by creating an encrypted credential storage. I want to walk you through the process of enabling secure credential storage in Docker.
With 2FA enabled on your Docker Hub account, you'll find you cannot access it with your user password from within the CLI. Jack Wallen shows you how to make this work. If you've recently added two-factor authentication to your Docker Hub account, you've more than likely run into a situation where you can no longer access the account from the command line using the standard username/password credentials.