4 posts tagged with "Docker"

Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.

The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing.

Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could change the exploitation status, so all impacted system admins are recommended to apply the available security updates as soon as possible.

Three large-scale malware campaigns have infiltrated Docker Hub, deploying millions of malicious “imageless” containers.

The data comes from JFrog’s security research team, which recently revealed a concerning trend within Docker Hub.

The platform, known for facilitating Docker image development, collaboration and distribution, hosts over 12.5 million repositories. However, according to JFrog, approximately 25% of these repositories lack useful functionality and serve instead as vehicles for spam, pirated content promotion and malware dissemination.

Exposed Docker API endpoints over the internet are under assault from a sophisticated cryptojacking campaign called Commando Cat.

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy.