Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
Explore the latest Docker security news, updates, and best practices to safeguard your containers and applications with our information security insights.
Search across headline titles and summaries.
Background for this topic.
Docker is a platform for building, distributing, and running applications as containers. An image packages application code and dependencies; Docker Engine starts it as an isolated process that shares the host’s operating-system kernel, rather than as a full virtual machine. The Docker API and image registries connect local or automated build and deployment workflows.
Security depends on both the daemon and the images it runs. Access to the Docker daemon or its socket can provide extensive control of the host, so the API should not be unnecessarily exposed and socket mounts should be tightly restricted. Privileged containers, excessive Linux capabilities, and broad host filesystem mounts weaken isolation. Image vulnerabilities or malicious dependencies can enter through the build and distribution chain; use trusted, minimal bases, pinned dependencies, vulnerability scanning, provenance controls, and regular rebuilds. Do not place secrets in image layers. Rootless mode and restrictive security profiles can reduce the consequences of a compromised container.
Weekly headline count for the current query.
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies
According to JFrog, approximately 25% of all repositories lack useful functionality and serve as vehicles for spam and malware
Cado said the payloads facilitated RCE attacks by leveraging common misconfigurations and known vulnerabilities
Discovered by Cado Security, the campaign deploys two containers to vulnerable Docker instances
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
Infrastructure being built to support new cloud-native campaign
Shared repository is also a hidden source of malware
The threat actors also utilized user and kernel mode rootkits to hide the activity
LemonDuck targets Linux machines