Trivy Supply Chain Attack Expands With New Compromised Docker Images
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
Virtualisation security covers hypervisors, virtual machines, and isolated workloads, where flaws or misconfiguration can expose systems and data.
Search across headline titles and summaries.
Background for this topic.
Virtualisation uses software to divide or simulate computing resources so multiple isolated virtual machines (VMs) can share a physical host. Each VM can run its own operating system and applications; a hypervisor controls access to the host’s processors, memory, storage and devices. The term can also include virtual networks and storage, while containers provide a related but less isolated form of workload virtualisation.
Security depends on the hypervisor and its management plane being securely configured, patched and access-controlled. A hypervisor vulnerability or misconfiguration can expose data across VMs, and a VM escape can allow code running in one guest to reach the host or other guests. Virtual machine images, templates and snapshots may retain credentials or sensitive data and therefore require inventory, integrity checks, encryption and controlled retention. Network segmentation between virtual workloads should be enforced through explicit policies rather than assumed from virtual separation. These controls also support reliable investigation and recovery by preserving trustworthy images and records of administrative changes.
Weekly headline count for the current query.
New Trivy Docker images 0.69.5 and 0.69.6 compromised with TeamPCP infostealer, impacting CI/CD scans
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon
Broadcom has released security patches for critical flaws affecting several VMware products
Scattered Spider has targeted VMware vSphere environments, exploiting retail, airline and insurance sectors
Sygnia observed Chinese cyber campaign dubbed Fire Ant deploying sophisticated techniques to gain full compromise of victim environments, discovering isolated assets
Darktrace and Cado said the new campaign highlights a shift towards alternative methods of mining cryptocurrencies
Cloud software firm VMware has issued a critical security advisory, detailing three zero-day vulnerabilities being actively exploited in the wild
Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data
BlackByte, linked to the Conti group, exploited VMware ESXi CVE-2024-37085 to control virtual machines
Trend Micro also revealed a connection between the Play ransomware group and the threat actor Prolific Puma
VMware has disclosed critical vulnerabilities impacting its VMware vSphere and VMware Cloud Foundation products, with patches available for customers
According to JFrog, approximately 25% of all repositories lack useful functionality and serve as vehicles for spam and malware
Cado said the payloads facilitated RCE attacks by leveraging common misconfigurations and known vulnerabilities
Discovered by Cado Security, the campaign deploys two containers to vulnerable Docker instances
Cisco Talos said Operation Blacksmith leveraged the flaw in publicly facing VMWare Horizon servers
Cado Security Labs said the bot agent exhibited various methods for conducting DDoS attacks
The issue arises from the logging of credentials in hex encoding in platform system audit logs
Infrastructure being built to support new cloud-native campaign
VMware explained that 8Base employs a combination of encryption and “name-and-shame” tactics
A malicious actor with local admin privileges could exploit the vulnerability to escape from the VM