CTO Universe

Docker Hub Users Targeted With Imageless, Malicious Repositories

Ooda Loop

MAY 1, 2024

Security researchers at JFrog have discovered three large-scale campaigns targeting Docker Hub with repositories devoid of container images, instead containing malicious metadata. Docker Hub, a platform for Docker image development, hosts over 15 million repositories and is popular among developers globally.

Research

Research Development

Container Escape: New Vulnerabilities Affecting Docker and RunC

Prisma Clud

FEBRUARY 5, 2024

A recent discovery identifies critical vulnerabilities affecting Docker and other container engines. Collectively called "Leaky Vessels", the vulnerabilities pose a significant threat to the isolation that containers inherently provide from their host operating systems.

Technical Review

Technical Review Software Review Systems Review Cloud

Podman, the free container engine alternative to Docker

Xebia

JANUARY 31, 2022

Containerization is powering the next wave to the cloud, with Docker as the software for interacting with the container ecosystem. Per the 31st of January 2022 Docker Desktop will, however, no longer be free for large enterprises. Docker image instead of container image). . Docker Desktop.

Engineering

Engineering Linux Open Source Architecture

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Podman, the free container engine alternative to Docker

Xebia

JANUARY 31, 2022

Containerization is powering the next wave to the cloud, with Docker as the software for interacting with the container ecosystem. Per the 31st of January 2022 Docker Desktop will, however, no longer be free for large enterprises. Docker image instead of container image). . Docker Desktop.

Engineering

Engineering Linux Open Source Architecture

Analyzing the GitHub marketplace – Dependency security is a big issue

Xebia

DECEMBER 16, 2023

That means there is lots of community engagement for creating these actions for us, but also lots of potential for malicious actors to create actions that can be used to compromise our systems. Type of Action Count Percentage Node based 4,7k 45% Docker based 3.7k It is a YAML file that contains all the information about the action.

Analysis

Analysis Examples Course Serverless

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows

Prisma Clud

AUGUST 30, 2023

This practice ensures consistent use of the action’s version, helping to prevent supply chain attacks involving the introduction of malicious code into external software used by your project — in this case, a third-party action. This image will be run and used as the workflow’s execution environment.

Software Review

Software Review Systems Review Open Source Resources

Taking TeamTNT’s Docker Images Offline

Lacework

MAY 25, 2021

The Takeaways TeamTNT targets exposed Docker API to deploy malicious images. Docker images containing TeamTNT malware are being hosted in public Docker repos via account takeovers. TeamTNT leverages exposed Docker hub secrets within GitHub to stage malicious Docker images.

Malware

Taking TeamTNT’s Docker Images Offline

Lacework

MAY 25, 2021

The Takeaways TeamTNT targets exposed Docker API to deploy malicious images. Docker images containing TeamTNT malware are being hosted in public Docker repos via account takeovers. TeamTNT leverages exposed Docker hub secrets within GitHub to stage malicious Docker images.

Malware

Threat Alert: Attacker Building Malicious Images Directly on Your Host

Aqua Security

JULY 15, 2020

We at Team Nautilus - Aqua’s cyber security research team - discovered a new type of attack against container infrastructure. The attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host.

Infrastructure

Infrastructure Research Analysis

How to make your web application more secure by using Dynamic Application Security Testing (DAST) – PART 2 of Application Security Testing series

Xebia

FEBRUARY 17, 2023

A DAST tool scans by sending HTTP Requests with malicious payloads and analyzes the corresponding HTTP Responses to identify potential vulnerabilities. However, make sure the DAST tool you want to use, contains policies/rules that define vulnerability types that are important to your context. You can download Docker here.

Applications

Applications Testing Authentication How To

Agentless Workload Scanning Gets Supercharged with Malware Scanning

Prisma Clud

JUNE 22, 2023

Enterprises taking advantage of cloud-native architectures now have 53% of their cloud workloads hosted on public clouds, according to our recent State of Cloud-Native Security Report 2023. Using WildFire in 2021 to analyze malicious files, our threat research team discovered a 73% increase in Cobalt Strike malware samples compared to 2020.

Malware

Malware Linux Windows Operating System

Containers vs virtual machines: what is the difference?

CircleCI

OCTOBER 11, 2022

Virtualization is the technology on which many popular development tools like containers and virtual machines (VMs) are built. In this article, you will learn the difference between containers and VMs, the important role each plays in modern software development, and how you can incorporate containers and VMs in your development pipelines.

Virtualization

Virtualization Microservices Hardware Resources

New Lacework report reveals increase in sophisticated cloud attacks

Lacework

MARCH 29, 2022

Docker APIs continue to be an enticing and abundant target for adversaries. Specifically, compromising Docker sockets and deploying malicious container images, some of which are being downloaded and deployed by thousands of unsuspecting users, ultimately leading to cryptomining infections. Cloud Security Posture.

Report

Report Cloud Malware Linux

The Anatomy of an Attack Against a Cloud Supply Pipeline

Palo Alto Networks

OCTOBER 11, 2021

The most recent Unit 42 Cloud Threat Report contains the high-level results of a red team exercise performed against a SaaS customer’s continuous integration and continuous development (CI/CD) pipeline. This brings us to malicious attackers. The organization did not have these security measures enabled on their other 49+ AWS accounts.

Cloud

Cloud Exercises Weak Development Team AWS

How developers can prevent bad actors

Lacework

MAY 10, 2022

Docker and Kubernetes have simplified the development process, so developers can now write new applications and deploy them in multiple places at scale. Create a registry of pre-approved images to use in your code. To prevent this, it’s important for developers to use only approved images in their code.

Weak Development Team

Weak Development Team Development DevOps Malware

Simplifying your CI/CD build pipeline to GKE with CircleCI orbs

CircleCI

JULY 11, 2019

This article assumes that you have a fundamental understanding of the following technologies and tools: Docker - Used to create, deploy, and run applications using containers. Docker provides repeatable development, build, test, and production environments. Create a container cluster on GKE with the name circle-ci-cluster.

Google Cloud

Google Cloud Applications Open Source Cloud

World Wide Wasm: Low Hanging Fruit

Xebia

JULY 20, 2023

The inaugural Wasm I/O conference was hosted in Barcelona, it has become significant enough for the Cloud Native Computing Foundation to dedicate a day to it at CloudNativeCon , and Docker has released their second technical preview for the holy union of containers and Wasm. Ok, let’s dispense with the setup.

Serverless

Serverless Software Review Technical Review Systems Review

Making it Rain - Cryptocurrency Mining Attacks in the Cloud

AlienVault

MARCH 14, 2019

Compromised Container Management Platforms. We've seen attackers using open APIs and unauthenticated management interfaces to compromise container management platforms. The report details the container commands showing the malicious request. Following the attention of the report by RedLock, the owners of xaxaxa[.]eu

Cloud

Cloud AWS Malware Infrastructure

Ten tips for building a vulnerability management pipeline

Lacework

APRIL 6, 2022

The Log4j vulnerability was a good reminder that securing cloud-native applications start with using safe container images free of critical vulnerabilities. A good container image pipeline not only reduces the number of vulnerabilities present in running containers, but it also helps companies to quickly respond to such emergencies.

Software Review

Software Review Policies Continuous Integration Testing

CVE-2019-14271: Proof of Concept for Docker Copy (docker cp) Vulnerability Released

Tenable

NOVEMBER 21, 2019

Proof-of-concept (PoC) code for a security flaw in Docker, the popular containerization platform, is now public. On November 19, researchers at Unit 42, Palo Alto Networks’ research team, published their analysis of a severe vulnerability in the popular container deployment platform, Docker. Background. Proof of concept.

Analysis

Analysis Research Network Video

Triggering trusted CI jobs on untrusted forks

CircleCI

MAY 21, 2019

This causes a problem if you want a Continuous Integration service to run tests that need access to credentials or sensitive data as a malicious developer could propose code that exposes the credentials to CI logs. jobs : test : docker : - image : circleci/openjdk:8u171-jdk. Marking code as trusted by pushing upstream.

Software Review

Software Review Technical Review Systems Review Testing

The Best 39 Development Tools

Codegiant

NOVEMBER 9, 2020

Graphical reports in Jira cannot be downloaded as images. Using other methods alters the resolution of the images. Hosted git repositories. Features Self-contained, platform-agnostic, Java-based program, ready to run with packages for multiple popular operating systems. Limited file size upload. Performance tracker.

Software Review

Software Review Tools Weak Development Team Development

The Best 40 Development Tools

Codegiant

NOVEMBER 9, 2020

Graphical reports in Jira cannot be downloaded as images. Using other methods alters the resolution of the images. Hosted git repositories. Features Self-contained, platform-agnostic, Java-based program, ready to run with packages for multiple popular operating systems. Limited file size upload. Performance tracker.

Software Review

Software Review Weak Development Team Tools Development

CTO Universe

Docker Hub Users Targeted With Imageless, Malicious Repositories

Container Escape: New Vulnerabilities Affecting Docker and RunC

Webinars

Trending Sources

Podman, the free container engine alternative to Docker

Webinars

Podman, the free container engine alternative to Docker

Analyzing the GitHub marketplace – Dependency security is a big issue

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows

Taking TeamTNT’s Docker Images Offline

Taking TeamTNT’s Docker Images Offline

Threat Alert: Attacker Building Malicious Images Directly on Your Host

How to make your web application more secure by using Dynamic Application Security Testing (DAST) – PART 2 of Application Security Testing series

Agentless Workload Scanning Gets Supercharged with Malware Scanning

Containers vs virtual machines: what is the difference?

New Lacework report reveals increase in sophisticated cloud attacks

The Anatomy of an Attack Against a Cloud Supply Pipeline

How developers can prevent bad actors

Simplifying your CI/CD build pipeline to GKE with CircleCI orbs

World Wide Wasm: Low Hanging Fruit

Making it Rain - Cryptocurrency Mining Attacks in the Cloud

Ten tips for building a vulnerability management pipeline

CVE-2019-14271: Proof of Concept for Docker Copy (docker cp) Vulnerability Released

Triggering trusted CI jobs on untrusted forks

The Best 39 Development Tools

The Best 40 Development Tools

Stay Connected