SEARCH
Archive
Lemon Duck Botnet Targets Exposed Docker APIs
The prolific botnet, which previously targeted vulnerable Microsoft Exchange servers, is now gaining initial access via exposed Docker APIs.
Software Supply Chain Woes Afflict DockerHub, Too
Threat analysis firm Prevasio scanned the entire DockerHub and found that 51 percent of all container images had at least one critical vulnerability and 13 percent had at least one high-severity vulnerability. Researchers also identified 6,433 images that were malicious or potentially harmful.
Attackers Use Cloud Tool to Target Docker, Kubernetes
An attack group TeamTNT is using Weave Scope, an open source cloud monitoring and control tool to compromise Docker and Kubernetes instances as part of a cryptocurrency mining operation, security company Intezer said.
Docker Bug Allows Root Access to Host File System
A vulnerability in all versions of the Docker platform can give an attacker full read and write access to the host file system.
Docker Hub Breach Can Have a Long Reach
Docker revoked tokens linking GitHub and Bitbucket with Docker Hub accounts after discovering "unauthorized access" in its Hub database. Developers should check their code to ensure no unauthorized changes have been made.