Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors.
Docker Hub is a cloud-based container library allowing people to freely search and download Docker images or upload their creations to the public library or personal repositories.
Docker images are templates for the quick and easy creation of containers that contain ready-to-use code and applications. Therefore, those looking to set up new instances often turn to Docker Hub to quickly find an easily deployable application.
Unfortunately, due to abuse of the service by threat actors, over a thousand malicious uploads introduce severe risks to unsuspecting users deploying malware-laden images on locally hosted or cloud-based containers.
Cybercriminals are increasingly shifting from automated scam-as-a-service to more advanced info stealer malware distributors as the competition for resources increases, and they look for new way to make profits, according to a report by Group-IB.
The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model.
Info stealer malware collects users’ credentials stored in browsers, gaming accounts, email services, social media, bank card details, and crypto wallet information from infected computers, and sends the data to the malware operator. This data is then sold or used for fraud on the dark web.
The British government has banned departments from installing at sensitive locations surveillance cameras manufactured by Chinese companies due to potential information security issues, and is facing calls to ban them entirely from the public sector.
Announcing the findings of a security review on Thursday, the Cabinet Secretary Oliver Dowden said that the restrictions were being introduced “in light of the threat to the UK and the increasing capability and connectivity of these systems.”
Not only will the equipment be disallowed from sensitive sites, departments have also been advised that the same equipment should never be connected to core networks if installed elsewhere. The updated guidance also encourages departments to consider stripping the cameras out from less sensitive sites too to avoid introducing additional risks.
Cybersecurity technology goes hand in hand with policy-based governance, but simply developing a password policy to protect company data and information is not enough. One of the first steps to successfully implementing a privileged access management (PAM) solution is defining clear and consistent policies that everyone who uses and manages privileged accounts understands and accepts.
Let`s see what a privileged access management (PAM) policy is and why organizations need one.
The Donut (D0nut) extortion group has been confirmed to deploy ransomware in double-extortion attacks on the enterprise.
BleepingComputer first reported on the Donut extortion group in August, linking them to attacks on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando.
Strangely, the data for Sando and DESFA was also posted to several ransomware operations’ sites, with the Sando attack claimed by Hive ransomware and DESFA claimed by Ragnar Locker.
Unit 42 researcher Doel Santos also shared that the TOX ID used in ransom notes was seen in samples of the HelloXD ransomware.
This cross-posting of stolen data and affiliation leads us to believe the threat actor behind Donut Leaks is an affiliate for numerous operations, now trying to monetize the data in their own operation.