December 3, 2024 at 01:48PM Trend Micro Research reports a shift in Gafgyt malware targeting misconfigured Docker Remote API servers, previously focusing on IoT devices. Attackers deploy malware via Docker containers, enabling DDoS attacks. Recommendations for securing servers include strong access controls, regular monitoring, and educating personnel on best practices. ### Meeting Takeaways **Key Report … Read more
December 3, 2024 at 04:49AM Trend Micro Research reports that Gafgyt malware is now targeting misconfigured Docker Remote API servers, a shift from its traditional focus on IoT devices. This allows attackers to deploy DDoS attacks. Recommendations include strengthening access controls, monitoring activities, and ensuring adherence to container security best practices. ### Meeting Takeaways on … Read more
October 23, 2024 at 10:36PM Trend Micro researchers report that attackers are exploiting exposed Docker Remote API servers to deploy perfctl cryptomining malware. These vulnerabilities allow unauthorized access and control over Linux servers. To mitigate risks, organizations should implement strong access controls, monitor for suspicious activities, and adhere to container security best practices. ### Meeting … Read more
October 22, 2024 at 10:30AM Trend Micro reports attacks on Docker remote API servers, deploying SRBMiner to mine XRP cryptocurrency. Attackers use the gRPC protocol over h2c to bypass security measures. They probe for public Docker APIs, upgrade connections, and execute malicious commands. Users are advised to enhance security measures to prevent unauthorized access. **Meeting … Read more
October 22, 2024 at 05:46AM Trend Micro researchers report a cyberattack targeting Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker exploited the gRPC protocol over h2c to bypass security measures, checked Docker API availability, and deployed the miner, emphasizing the need for improved security configurations in Docker environments. … Read more
September 27, 2024 at 03:56PM NVIDIA released an update to fix a critical vulnerability in its NVIDIA Container Toolkit, affecting versions up to v1.16.1. The CVE-2024-0132 vulnerability, with a CVSS v3.1 rating of 9.0, could lead to various threats if exploited. Trend Vision One™ offers proactive protection and scanning for this vulnerability to prevent attacks. … Read more
September 27, 2024 at 02:48AM A security flaw in NVIDIA Container Toolkit (CVE-2024-0132) allows threat actors to escape container confines and access the underlying host. The vulnerability affects NVIDIA Container Toolkit v1.16.1 and earlier, and NVIDIA GPU Operator up to 24.6.1. Addressed in versions v1.16.2 and 24.6.2, the flaw poses potential risks and requires immediate … Read more
August 20, 2024 at 06:40AM Cybersecurity researchers have identified a security flaw in Microsoft Azure Kubernetes Services, allowing attackers to escalate privileges and access service credentials. The bug affects clusters using “Azure CNI” for network configuration and “Azure” for network policy. Microsoft has addressed the issue. Other high-severity flaws in Kubernetes platforms have been reported, … Read more
July 25, 2024 at 01:57AM Docker warns of a critical vulnerability (CVE-2024-41110) in certain versions of Docker Engine, allowing attackers to bypass authorization plugins with maximum severity. It was regressed since 2018 but resolved in versions 23.0.14 and 27.1.0. Docker Desktop up to 4.32.0 is affected, with a fix expected in the next release. Users … Read more
June 6, 2024 at 03:59AM Summary: A novel cryptojacking attack campaign called Commando Cat exploits exposed Docker remote API servers to deploy cryptocurrency miners using Docker images from the open-source Commando project. Malicious actors use the cmd.cat/chattr image to gain initial access, employing techniques like chroot and volume binding to access the host system. Recommendations … Read more