Millions of Malicious ‘Imageless’ Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious “imageless” containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. “Over four million of the repositories in Docker Hub are imageless and have no content except for the repository documentation,” […]

How to Secure Container Images with Open Source Bazel Tool Plugin Rules_oci from Google

Rules_oci, an open-sourced Bazel plugin (“ruleset”) that makes it easier and more secure to create container images using Bazel, has been made generally available by Google. It provides support for both the container community and container image security. Bazel maintains dependencies and caches them according to their integrity hash, making it ideally suited to provide […]

Siloscape: the new malware to compromise Windows containers and Kubernetes clusters

A group of researchers has found a new malware variant designed to breach the security of Windows containers in order to reach Kubernetes clusters. Identified as Siloscape, experts describe this malware variant as something unusual due to its complex features. The report, prepared by Palo Alto Networks, notes that Siloscape was detected in early March, […]

Researchers Discover First Known Malware Targeting Windows Containers

Security researchers have discovered the first known malware, dubbed “Siloscape,” targeting Windows Server containers to infect Kubernetes clusters in cloud environments. “Siloscape is heavily obfuscated malware targeting Kubernetes clusters through Windows containers,” said Unit 42 researcher Daniel Prizmant. “Its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run […]

Dockernymous – Create a Whonix-like gateway environment with Docker Containers

Dockernymous is a start script for Docker that runs and configures two individual Linux containers in order to act as an anonymization workstation-gateway setup. It’s aimed towards experienced Linux/Docker users, security professionals and penetration testers! The gateway container acts as an Anonymizing Middlebox (see https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy) and routes ALL traffic from the workstation container through […]

RunC Flaw Lets Attackers Escape Linux Containers to Gain Root on Hosts

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux containers and obtain unauthorized, root-level access to the host operating system. The vulnerability, identified as CVE-2019-5736, was discovered by open source security researchers Adam Iwaniuk and Borys Popławski and publicly […]

The Docker Bench For Security – A Script That Checks For Dozens Of Common Best-Practices Around Deploying Docker Containers In Production

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. The tests are all automated, and are inspired by the CIS Docker Community Edition Benchmark v1.1.0. We are releasing this as a follow-up to our Understanding Docker Security and Best Practices blog post. We […]

Attack Uses Docker Containers to Hide, Persist, Plant Malware

LAS VEGAS—A novel attack vector allows for adversaries to abuse the Docker API to hide malware on targeted systems, and even execute remote code. The proof of concept attack was developed by researchers at Aqua Security, and the technique was first demonstrated today at Black Hat by Sagie Dulce, senior security researcher, with Aqua Security. […]

‘Android for Work’ Security Containers Bypassed with Relative Ease

Mobile security experts from Skycure have found two methods for bypassing the security containers put around “Android for Work,” allowing attackers to access business data saved in this seemingly secure environment. “Android for Work” is a security mechanism that Google added in Android with version 5.0 (Lollipop), which it launched in 2015. Currently rebranded under […]

Raspberry Pi + Docker: HypriotOS 1.0.0 Linux Brings Containers To Your Pi

Short Bytes: The HypriotOS 1.0.0 release recently arrived. It enables you to run Docker containers on the entire Raspberry Pi family. HypriotOS is a Debian derivative that comes with Docker Engine 1.12.1 out of the box. You simply need to install HypriotOS on your SD card using the Hypriot flash tool and run a couple of commands to get this OS up and […]

Microsoft Brings Linux-based Docker Containers To Windows 10

Short Bytes: The latest Windows 10 Insider Build has brought Hyper-V container support to Windows. This will allow a user to run Linux-based Docker containers natively on the Windows 10 operating system. Microsoft has also shared a quick-start guide to help you deploy your first container. In my previous post on Windows 10, I told you […]

Getting Started With Docker – Intro to Containers World (Part -1)

Short Bytes: Linux containers (LXC) are very popular these days among developers and companies (perhaps due to Docker, which leverages LXC on the back-end). LXC, being lightweight, serves as an alternative to full machine virtualization such as that provided by “traditional” hypervisors like VirtualBox, VMware, KVM, Xen, or ESXi. Today, we are starting a complete […]