Tag: docker
-
Ethical hackers exploited zero-day vulnerabilities against popular OS, browsers, VMs and AI frameworks
Virtual machine and container escapes: Virtualization sits at the core of public cloud infrastructure and private data centers, allowing companies to run their workloads and applications inside isolated containers or virtual servers. Any flaw that allows escaping from the confines of a virtual machine or a Linux container poses a risk not only to the…
-
Windows 11 and Red Hat Linux hacked on first day of Pwn2Own
On the first day of Pwn2Own Berlin 2025, security researchers were awarded $260,000 after successfully demonstrating zero-day exploits for Windows 11, Red Hat Linux, Docker Desktop, and Oracle VirtualBox. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/windows-11-and-red-hat-linux-virtualbox-hacked-on-first-day-of-pwn2own/
-
Experts Uncover New XorDDoS Controller, Infrastructure as Malware Expands to Docker, Linux, IoT
Cybersecurity researchers are warning of continued risks posed by a distributed denial-of-service (DDoS) malware known as XorDDoS, with 71.3 percent of the attacks between November 2023 and February 2025 targeting the United States.”From 2020 to 2023, the XorDDoS trojan has increased significantly in prevalence,” Cisco Talos researcher Joey Chen said in a Thursday analysis. First…
-
CVE-Finanzierung weiterhin gesichert
Tags: cisa, cve, cyber, cybersecurity, docker, google, governance, government, infrastructure, mitre, open-source, technology, tool, usa, vulnerabilityExperten warnten, dass ohne CVE ein Koordinationschaos in der IT-Sicherheit droht. Die CISA scheint sie erhört zu haben.Am 16. April 2025 hatte die Trump-Regierung kurzfristig ein Ende der Finanzierung des weltweit bedeutenden CVE-Programms (Common Vulnerabilities and Exposures), das seit 25 Jahren eine zentrale Rolle in der Cybersicherheitslandschaft spielt, verkündet. Die gemeinnützige Organisation MITRE, die das…
-
NVIDIA and Docker Flaws Raise Container Security Concerns
First seen on scworld.com Jump to article: www.scworld.com/brief/nvidia-and-docker-flaws-raise-container-security-concerns
-
Incomplete patching leaves Nvidia, Docker exposed to DOS attacks
Mitigations include restricting Docker access: CVE-2024-0132 first received a fix in September 2024, which did not fully patch the flaw and left a patch bypass issue tracked as CVE-2025-23359. Nvidia fixed the bypass in February which Trend Micro believes to be lacking.The problem is that the fix, issued with the version 1.17.4 update, includes an…
-
Incomplete Patch Leaves NVIDIA and Docker Users at Risk
NVIIA’s incomplete security patch, combined with a Docker vulnerability, creates a serious threat for organizations using containerized environments. This article explains the risks and mitigation strategies. First seen on hackread.com Jump to article: hackread.com/incomplete-patch-leaves-nvidia-docker-users-at-risk/
-
Jenkins Docker Vulnerability Allows Hackers to Hijack Network Traffic
A newly disclosed vulnerability affecting Jenkins Docker images has raised serious concerns about network security. The vulnerability, stemming from the reuse of SSH host keys, could allow attackers to impersonate Jenkins build agents and hijack sensitive network traffic. Vulnerability Details The core issue arises from the way SSH host keys are automatically generated during image…
-
Getting the Most Value Out of the OSCP: The PEN-200 Labs
Tags: access, ai, attack, compliance, container, cyber, cybersecurity, dns, docker, exploit, firewall, guide, hacking, Hardware, infrastructure, intelligence, jobs, kubernetes, microsoft, mitigation, network, open-source, oracle, penetration-testing, powershell, risk, security-incident, service, siem, skills, technology, tool, training, vmware, vulnerability, windowsHow to leverage the PEN-200 simulated black-box penetration testing scenarios for maximal self-improvement and career success. Disclaimer: All opinions expressed in this article are solely my own. I have reviewed the content to ensure compliance with OffSec’s copyright policies and agreements. I have not been sponsored or incentivized in any way to recommend or oppose any…
-
Software Bill of Material umsetzen: Die besten SBOM-Tools
Tags: api, business, compliance, container, cyberattack, data, docker, gartner, github, gitlab, healthcare, linux, monitoring, open-source, risk, saas, sbom, service, software, tool, update, vulnerabilityNur wenn Sie wissen, was drinsteckt, können Sie sich sicher sein, dass alles mit rechten Dingen zugeht. Das gilt für Fast Food wie für Software. Um Software abzusichern, muss man wissen, was in ihrem Code steckt. Aus diesem Grund ist eine Software Bill of Material, SBOM oder Software-Stückliste heute unerlässlich. Der SolarWinds-Angriff sowie die Log4j-Schwachstelle…
-
Docker Inc. CEO swap has analysts anticipating a sale
Industry watchers see the takeover by a former Oracle exec as the precursor to merging with a broader software development portfolio at a larger company. First seen on techtarget.com Jump to article: www.techtarget.com/searchsoftwarequality/news/366619297/Docker-Inc-CEO-swap-has-analysts-anticipating-a-sale
-
Die besten DAST- & SAST-Tools
Tags: access, ai, api, application-security, authentication, awareness, cloud, cyberattack, cybersecurity, docker, framework, HIPAA, injection, PCI, rat, risk, risk-management, service, software, sql, supply-chain, tool, vulnerability, vulnerability-managementTools für Dynamic und Static Application Security Testing helfen Entwicklern, ihren Quellcode zu härten. Wir zeigen Ihnen die besten Tools zu diesem Zweck.Die Softwarelieferkette respektive ihre Schwachstellen haben in den vergangenen Jahren für viel Wirbel gesorgt. Ein besonders schlagzeilenträchtiges Beispiel ist der Angriff auf den IT-Dienstleister SolarWinds, bei dem mehr als 18.000 Kundenunternehmen betroffen waren.…
-
Cisco patches antivirus decommissioning bug as exploit code surfaces
Cisco has patched a denial-of-service (DoS) vulnerability affecting its open-source antivirus software toolkit, ClamAV, which already has a proof-of-concept (PoC) exploit code available to the public.Identified as CVE-2025-20128, the vulnerability stems from a heap-based buffer overflow in the Object Linking and Embedding 2 (OLE2) decryption routine, enabling unauthenticated remote attackers to cause a DoS condition…
-
HPE’s sensitive data exposed in alleged IntelBroker hack
IntelBroker has struck again. This time, the notorious BreachForums bigwig, which has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE).The suspected Serbian-origin hacker is offering to sell on BreachForums, sensitive data allegedly stolen from HPE including product source codes and personally…
-
Anwendung blockiert: MacOS stuft Docker Desktop als Malware ein
Einige Dateien von Docker Desktop für MacOS wurden falsch signiert, so dass Nutzer eine Malware-Warnung erhalten. Eine echte Gefahr besteht nicht. First seen on golem.de Jump to article: www.golem.de/news/anwendung-blockiert-docker-desktop-unter-macos-als-malware-eingestuft-2501-192366.html
-
Docker Desktop blocked on Macs due to false malware alert
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-desktop-blocked-on-macs-due-to-false-malware-alert/
-
Die 10 besten APITools
Tags: ai, api, application-security, cloud, computing, credentials, cyberattack, data, ddos, docker, github, hacker, hacking, infrastructure, injection, mobile, open-source, programming, risk, service, software, sql, tool, vulnerability, wafMithilfe von APIs können verschiedene Software-Komponenten und -Ressourcen miteinander interagieren. Foto: eamesBot shutterstock.comAnwendungsprogrammierschnittstellen (Application Programming Interfaces, APIs) sind zu einem wichtigen Bestandteil von Netzwerken, Programmen, Anwendungen, Geräten und fast allen anderen Bereichen der Computerlandschaft geworden. Dies gilt insbesondere für das Cloud Computing und das Mobile Computing. Beides könnte in der derzeitigen Form nicht existieren, wenn…
-
Hackers Exploit Docker Remote API Servers To Inject Gafgyt Malware
Attackers are exploiting publicly exposed Docker Remote API servers to deploy Gafgyt malware by creating a Docker container using a legitimate >>alpine
-
JFrog entdeckt Angriffe auf Docker Hub 3 Millionen Repositories kompromittiert
Da Docker Hub weiterhin eine entscheidende Rolle im Entwickler-Ökosystem spielt, müssen die Sicherheitspraktiken weiterentwickelt werden, um diese Sch… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-entdeckt-angriffe-auf-docker-hub-3-millionen-repositories-kompromittiert/a37280/
-
Perfctl malware strikes again as crypto-crooks target Docker Remote API servers
First seen on theregister.com Jump to article: www.theregister.com/2024/10/24/perfctl_malware_strikes_again/
-
Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks
Bad actors have been observed targeting Docker remote API servers to deploy the SRBMiner crypto miner on compromised instances, according to new findi… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/cybercriminals-exploiting-docker-api.html
-
TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters
First seen on hackread.com Jump to article: hackread.com/teamtnt-exploits-ips-malware-attack-docker-clusters/
-
Crooks are targeting Docker API servers to deploy SRBMiner
Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances, Trend Micro warns. Trend Micro resear… First seen on securityaffairs.com Jump to article: securityaffairs.com/170144/malware/docker-remote-api-servers-srbminer.html
-
Backup in flüchtigen Umgebungen – Daten in Docker-Containern wiederherstellen
First seen on security-insider.de Jump to article: www.security-insider.de/-sicherung-wiederherstellung-docker-volumes-a-3fd1c351200664b8c77cee1104fd8e1d/
-
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet
Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/new-cryptojacking-attack-targets-docker.html
-
TeamTNT aims to take down cloud-based Docker containers, Kubernetes clusters
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/teamtnt-aims-to-take-down-cloud-based-docker-containers-kubernetes-clusters
-
Docker Desktop Vulnerabilities Let Attackers Execute Remote Code
Docker has addressed critical vulnerabilities in Docker Desktop that could allow attackers to execute remote code. These vulnerabilities, identified a… First seen on gbhackers.com Jump to article: gbhackers.com/docker-desktop-vulnerabilities/