Latest Docker news

Millions of Docker repos found pushing malware, phishing sites

Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021.
- Sergiu Gatlan
- April 30, 2024
- 01:32 PM
- 2
Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware

Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts.
- Ionut Ilascu
- March 06, 2024
- 07:09 AM
- 0
Leaky Vessels flaws allow hackers to escape Docker, runc containers

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.
- Bill Toulas
- February 04, 2024
- 10:17 AM
- 0
Docker hosts hacked in ongoing website traffic theft scheme

A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy.
- Bill Toulas
- January 18, 2024
- 06:00 AM
- 0
Thousands of images on Docker Hub leak auth secrets, private keys

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.
- Bill Toulas
- July 16, 2023
- 10:09 AM
- 0
Docker Hub repositories hide over 1,650 malicious containers

Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors.
- Bill Toulas
- November 24, 2022
- 12:16 PM
- 0
TeamTNT hijacking servers to run Bitcoin encryption solvers

Threat analysts at AquaSec have spotted signs of TeamTNT activity on their honeypots since early September, leading them to believe the notorious hacking group is back in action.
- Bill Toulas
- September 18, 2022
- 10:07 AM
- 1
WatchDog hacking group launches new Docker cryptojacking campaign

The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software.
- Bill Toulas
- June 03, 2022
- 01:50 PM
- 0
Pro-Ukraine hackers use Docker images to DDoS Russian sites

Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations.
- Bill Toulas
- May 04, 2022
- 06:14 AM
- 0
Docker servers hacked in ongoing cryptomining malware campaign

Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet.
- Bill Toulas
- April 21, 2022
- 03:54 PM
- 0
TeamTNT hackers target your poorly configured Docker servers

Poorly configured Docker servers and being actively targeted by the TeamTNT hacking group in an ongoing campaign started last month.
- Bill Toulas
- November 09, 2021
- 03:57 PM
- 0
EasyWSL turns Linux docker images into a Windows 10 WSL distro

If you can't find your favorite Windows Subsystem for Linux distribution available in the Microsoft Store, a new program called EasyWSL can convert almost any Linux Docker image into a WSL distro.
- Lawrence Abrams
- August 15, 2021
- 10:21 AM
- 0
Twilio discloses impact from Codecov supply-chain attack

Cloud communications company Twilio has now disclosed that the recent Codecov supply-chain attack exposed a small number of Twilio's customer email addresses.
- Ax Sharma
- May 04, 2021
- 12:39 PM
- 0
Codecov starts notifying customers affected by supply-chain attack

Codecov has now started notifying the maintainers of software repositories affected by the recent supply-chain attack. These notifications, delivered via both email and the Codecov application interface, state that the company believes the affected repositories were downloaded by threat actors.
- Ax Sharma
- April 30, 2021
- 02:43 AM
- 0
HashiCorp is the latest victim of Codecov supply-chain attack

Open-source software tools and Vault maker HashiCorp has disclosed a security incident that occurred due to the recent Codecov attack. HashiCorp, a Codecov customer, has stated that the recent Codecov supply-chain attack aimed at collecting developer credentials led to the exposure of HashiCorp's GPG signing key.
- Ax Sharma
- April 24, 2021
- 02:16 AM
- 0
Hackers use legit tool to take over Docker, Kubernetes platforms

In a recent attack, cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure and still have a good grip on it.
- Ionut Ilascu
- September 08, 2020
- 02:20 PM
- 0
Cryptojacking worm steals AWS credentials from Docker systems

A cybercrime group known as TeamTNT is using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.
- Sergiu Gatlan
- August 18, 2020
- 11:39 AM
- 0
Sneaky Doki Linux malware infiltrates Docker cloud instances

Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware.
- Ax Sharma
- July 29, 2020
- 05:13 PM
- 0
Docker fixes Windows client bug letting programs run as SYSTEM

Docker fixed a security vulnerability in Docker for Windows that allowed attackers on the system to execute commands with the highest privileges.
- Ionut Ilascu
- May 22, 2020
- 01:10 PM
- 0
Misconfigured Docker Registries Expose Orgs to Critical Risks

Some organizations have improperly configured Docker registries exposed to the public web, leaving a door open for attackers to infiltrate and compromise operations.
- Ionut Ilascu
- February 07, 2020
- 03:10 PM
- 0