Tag: docker
-
Getting the Most Value Out of the OSCP: The PEN-200 Labs
by
in SecurityNews
Tags: access, ai, attack, compliance, container, cyber, cybersecurity, dns, docker, exploit, firewall, guide, hacking, Hardware, infrastructure, intelligence, jobs, kubernetes, microsoft, mitigation, network, open-source, oracle, penetration-testing, powershell, risk, security-incident, service, siem, skills, technology, tool, training, vmware, vulnerability, windows
How to leverage the PEN-200 simulated black-box penetration testing scenarios for maximal self-improvement and career success. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been sponsored or incentivized in any way to recommend or oppose any…
-
Implementing a Software Bill of Material: The Best SBOM Tools
by
in SecurityNews
Tags: api, business, compliance, container, cyberattack, data, docker, gartner, github, gitlab, healthcare, linux, monitoring, open-source, risk, saas, sbom, service, software, tool, update, vulnerability
Only if you know what is inside can you be sure that everything is above board. That applies to fast food as much as to software. To secure software, you have to know what is in its code. For this reason, a Software Bill of Material, SBOM or software parts list, is essential today. The SolarWinds attack as well as the Log4j vulnerability…
-
Docker Inc. CEO swap has analysts anticipating a sale
by
in SecurityNews
Industry watchers see the takeover by a former Oracle exec as the precursor to merging with a broader software development portfolio at a larger company. First seen on techtarget.com Jump to article: www.techtarget.com/searchsoftwarequality/news/366619297/Docker-Inc-CEO-swap-has-analysts-anticipating-a-sale
-
The Best DAST & SAST Tools
by
in SecurityNews
Tags: access, ai, api, application-security, authentication, awareness, cloud, cyberattack, cybersecurity, docker, framework, HIPAA, injection, PCI, rat, risk, risk-management, service, software, sql, supply-chain, tool, vulnerability, vulnerability-management
Tools for dynamic and static application security testing help developers harden their source code. We show you the best tools for this purpose. The software supply chain and its vulnerabilities have caused quite a stir in recent years. A particularly headline-grabbing example is the attack on the IT service provider SolarWinds, which affected more than 18,000 customer companies.…
-
Cisco patches antivirus decommissioning bug as exploit code surfaces
by
in SecurityNews
Cisco has patched a denial-of-service (DoS) vulnerability affecting its open-source antivirus software toolkit, ClamAV, which already has a proof-of-concept (PoC) exploit code available to the public. Identified as CVE-2025-20128, the vulnerability stems from a heap-based buffer overflow in the Object Linking and Embedding 2 (OLE2) decryption routine, enabling unauthenticated remote attackers to cause a DoS condition…
-
HPE’s sensitive data exposed in alleged IntelBroker hack
by
in SecurityNews
IntelBroker has struck again. This time, the notorious BreachForums bigwig, which has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE). The suspected Serbian-origin hacker is offering to sell on BreachForums, sensitive data allegedly stolen from HPE including product source codes and personally…
-
Application blocked: macOS classifies Docker Desktop as malware
by
in SecurityNews
Some Docker Desktop files for macOS were signed incorrectly, so users receive a malware warning. There is no real danger. First seen on golem.de Jump to article: www.golem.de/news/anwendung-blockiert-docker-desktop-unter-macos-als-malware-eingestuft-2501-192366.html
-
Docker Desktop blocked on Macs due to false malware alert
by
in SecurityNews
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-desktop-blocked-on-macs-due-to-false-malware-alert/
-
The 10 Best API Tools
by
in SecurityNews
Tags: ai, api, application-security, cloud, computing, credentials, cyberattack, data, ddos, docker, github, hacker, hacking, infrastructure, injection, mobile, open-source, programming, risk, service, software, sql, tool, vulnerability, waf
With the help of APIs, different software components and resources can interact with one another. Photo: eamesBot shutterstock.com
Application programming interfaces (APIs) have become an important part of networks, programs, applications, devices and almost every other area of the computing landscape. This is especially true of cloud computing and mobile computing. Neither could exist in its current form if…
-
Hackers Exploit Docker Remote API Servers To Inject Gafgyt Malware
by
in SecurityNews
Attackers are exploiting publicly exposed Docker Remote API servers to deploy Gafgyt malware by creating a Docker container using a legitimate >>alpine
-
JFrog discovers attacks on Docker Hub, 3 million repositories compromised
by
in SecurityNews
As Docker Hub continues to play a crucial role in the developer ecosystem, security practices must evolve in order to … these… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-entdeckt-angriffe-auf-docker-hub-3-millionen-repositories-kompromittiert/a37280/
-
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
by
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/10/24/perfctl_malware_strikes_again/
-
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
by
in SecurityNews
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findi… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html
-
TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters
by
in SecurityNews
First seen on hackread.com Jump to article: hackread.com/teamtnt-exploits-ips-malware-attack-docker-clusters/
-
Crooks are targeting Docker API servers to deploy SRBMiner
by
in SecurityNews
Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances, Trend Micro warns. Trend Micro resear… First seen on securityaffairs.com Jump to article: securityaffairs.com/170144/malware/docker-remote-api-servers-srbminer.html
-
Backup in ephemeral environments – restoring data in Docker containers
by
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/-sicherung-wiederherstellung-docker-volumes-a-3fd1c351200664b8c77cee1104fd8e1d/
-
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
by
in SecurityNews
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html
-
TeamTNT aims to take down cloud-based Docker containers, Kubernetes clusters
by
in SecurityNews
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/teamtnt-aims-to-take-down-cloud-based-docker-containers-kubernetes-clusters
-
Docker Desktop Vulnerabilities Let Attackers Execute Remote Code
by
in SecurityNews
Docker has addressed critical vulnerabilities in Docker Desktop that could allow attackers to execute remote code. These vulnerabilities, identified a… First seen on gbhackers.com Jump to article: gbhackers.com/docker-desktop-vulnerabilities/
-
DockerSpy: Search for images on Docker Hub, extract sensitive information
by
in SecurityNews
DockerSpy scans Docker Hub for images and retrieves sensitive information, including authentication secrets, private keys, and other confidential data… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/09/11/dockerspy-extract-sensitive-information-docker-hub-images/
-
Docker-OSX image used for security research hit by Apple DMCA takedown
by
in SecurityNews
The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-osx-image-used-for-security-research-hit-by-apple-dmca-takedown/
-
You should probably fix this 5-year-old critical Docker vuln fairly sharpish
by
in SecurityNews
Tags: docker
First seen on theregister.com Jump to article: www.theregister.com/2024/07/25/5yo_docker_vulnerability/
-
Old privilege escalation vulnerability resurfaces
by
in SecurityNews
Docker had closed a vulnerability in the authorization plug-ins in 2019. Shortly afterwards, however, it found its way back into the engine as a regression… First seen on heise.de Jump to article: www.heise.de/news/Docker-Alte-Sicherheitsluecke-zur-Rechteausweitung-wieder-aufgetaucht-9811582.html
-
Containers vulnerable: Docker has to patch critical 2019 vulnerability again
by
in SecurityNews
Docker had long since closed the hole. Only months later, however, the patch was dropped again. The Docker Engine was thus vulnerable for five years… First seen on golem.de Jump to article: www.golem.de/news/container-angreifbar-docker-muss-kritische-schwachstelle-von-2019-erneut-patchen-2407-187423.html
-
Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins
by
in SecurityNews
Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/critical-docker-engine-flaw-allows.html
-
Docker fixes critical auth bypass flaw, again (CVE-2024-41110)
by
in SecurityNews
A critical-severity Docker Engine vulnerability (CVE-2024-41110) may be exploited by attackers to bypass authorization plugins (AuthZ) via specially c… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/25/cve-2024-41110/
-
Critical bug in Docker Engine allowed attackers to bypass authorization plugins
by
in SecurityNews
A critical flaw in some versions of Docker Engine can be exploited to bypass authorization plugins (AuthZ) under specific circumstances. A vulnerabili… First seen on securityaffairs.com Jump to article: securityaffairs.com/166160/hacking/docker-engine-critical-flaw.html
-
Docker fixes critical 5-year old authentication bypass flaw
by
in SecurityNews
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to byp… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-fixes-critical-5-year-old-authentication-bypass-flaw/
-
Docker Patches Critical AuthZ Plugin Bypass Vulnerability Dating Back to 2018
by
in SecurityNews
The vulnerability, tagged as CVE-2024-41110 with a CVSS severity score of 10/10, was originally found and fixed in 2018. The post Docker Patches Criti… First seen on securityweek.com Jump to article: www.securityweek.com/docker-patches-critical-authz-plugin-bypass-vulnerability-dating-back-to-2018/