March 6, 2024 at 11:27AM Cado Security warns of a cryptojacking campaign targeting misconfigured Apache Hadoop, Confluence, Docker, and Redis instances with unique Golang payloads. Attackers use reverse shells, rootkits, and various scripts to exploit vulnerabilities. The extensive attack demonstrates the variety of techniques used to exploit cloud and Linux services, as well as keeping … Read more
November 14, 2023 at 07:33AM Threat actors are targeting publicly-accessible Docker Engine API instances to create a DDoS botnet called OracleIV. Attackers exploit the misconfiguration to install a malicious Docker container, which contains Python malware. The container also retrieves a shell script from a command-and-control (C&C) server. Cloud security firm Cado observed no evidence of … Read more
October 12, 2023 at 09:59AM The recently fixed vulnerabilities in the command-line tool curl and the libcurl library require security teams to identify and remediate impacted systems. The vulnerabilities can only be exploited under specific conditions. Organizations should scan their environment using software analysis tools to assess which systems are using curl and libcurl. Additionally, … Read more