Cyberveille curated by Decio
8 results tagged docker
Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
01/05/2024 09:38:21

Attackers are using Docker Hub for malicious campaigns of various types, including spreading malware, phishing and scams. Read the analysis of 3 malware campaigns.

jfrog EN 2024 Docker Hub Repositories Malware Phishing
Leaky Vessels flaws allow hackers to escape Docker, runc containers https://www.bleepingcomputer.com/news/security/leaky-vessels-flaws-allow-hackers-to-escape-docker-runc-containers/
04/02/2024 16:43:29

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.

The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing.

Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.

bleepingcomputer EN 2024 Cloud Container Container-Escape Docker Leaky-Vessels Vulnerability CVE-2024-21626 CVE-2024-23651 CVE-2024-23652 CVE-2024-23653
Attackers Use Containers for Profit via TrafficStealer https://www.trendmicro.com/en_us/research/23/d/attackers-use-containers-for-profit-via-trafficstealer.html
26/04/2023 21:29:42

We found TrafficStealer abusing open container APIs in order to redirect traffic to specific websites and manipulate engagement with ads.

trendmicro EN 2023 cloud report Containers TrafficStealer docker
New Kiss-a-dog Cryptojacking Campaign Targets Docker and Kubernetes https://www.crowdstrike.com/blog/new-kiss-a-dog-cryptojacking-campaign-targets-docker-and-kubernetes/
22/12/2022 10:08:41

CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.

Called “Kiss-a-dog,” the campaign used multiple command-and-control (C2) servers to launch attacks that attempted to mine cryptocurrency, utilize user and kernel mode rootkits to hide the activity, backdoor compromised containers, move laterally in the network and gain persistence. 

The CrowdStrike Falcon® platform helps protect organizations of all sizes from sophisticated breaches, including cryptojacking campaigns such as this. 

crowdstrike EN 2022 Kiss-a-dog Cryptojacking docker kubernetes
8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts https://www.sentinelone.com/blog/from-the-front-lines-8220-gang-massively-expands-cloud-botnet-to-30000-infected-hosts/
22/07/2022 09:16:08

Low-level crimeware gang has been exploiting misconfigured and publicly accessible Docker and other cloud instances with roaring success.

sentinelone EN 2022 8220 Mining Group 8220Gang docker cloud crimeware
LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave https://www.zdnet.com/article/lemonduck-botnet-plunders-docker-cloud-instances-in-cryptocurrency-crime-wave/?taid=62650e16e7253e000130e7db
24/04/2022 10:59:54

Operators of the LemonDuck botnet are targeting Docker instances in a cryptocurrency mining campaign.

ZDNet EN 2022 lemonduck docker bonnet cryptocurrency
Escaping privileged containers for fun https://pwning.systems/posts/escaping-containers-for-fun/
07/03/2022 08:22:11

Despite the fact that it is not a 'real' vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really shouldn't), this could really be handy at some point in the future.

escape docker kubernetes pwningsystems EN 2022 escalation
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape? https://unit42.paloaltonetworks.com/cve-2022-0492-cgroups/
05/03/2022 20:09:41

On Feb. 4, Linux announced CVE-2022-0492, a new privilege escalation vulnerability in the kernel. CVE-2022-0492 marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers. The issue stands out as one of the simplest Linux privilege escalations discovered in recent times: The Linux kernel mistakenly exposed a privileged operation to unprivileged users.

paoloaltonetworks vulnerability CVE-2022-0492 Linux cgroups containers escalation docker