Profile picture
, 3 tweets, 2 min read
My Authors
Read all threads
A new undetectable (0/61) #Linux malware is hijacking misconfigured #Docker servers with exposed APIs—mostly hosted with popular cloud services like AWS, Azure & Alibaba Cloud.

thehackernews.com/2020/07/docker…

Attackers managed to run this campaign under the radar for at least 6 months.
Besides this, Intezer researchers @NicoleFishi19 and @kajilot also found that the attackers also managed to compromise the host machines by binding newly created containers with the server's root directory, allowing them to access or modify any file on the system.

#infosec
Organizations running Docker instances are advised not to expose APIs to the Internet, but if they still need to, then ensure that it is reachable only from a trusted network or VPN only.

Find best Docker security practices here: docs.docker.com/engine/securit…
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with The Hacker News

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Related hashtags

#Linux #Docker #infosec

More from @TheHackersNews see all

Profile picture
The Hacker News
@TheHackersNews
🔥 WATCH OUT 🔥

Many popular #cryptocurrency-related verified Twitter accounts got simultaneously compromised and tweeted an identical "Crypto For Health" #SCAM message.

Hacked people and organizations include Gemini, #Binance, Binance's CEO, #Coinbase, CoinDesk, and KuCoin.
Elon Musk's account has also been compromised, tweeting a similar cryptocurrency scam.

Keep an eye on this #Bitcoin address: btc.com/bc1qxy2kgdygjr…

Does someone has found a zero-day bug in @Twitter?

#infosec #cybersecurity
Bill Gates too...

OMG, What's happening!

Don't fall for these SCAMS.

Inform Others.

Hey @Twitter, can you remove all these tweets ASAP?
Read 10 tweets
Profile picture
The Hacker News
@TheHackersNews
WARNING 🔥 CVE-2020-1350 (CVSS 10)

A critical 17-year-old 'wormable' RCE #vulnerability affects Windows DNS Servers (2013 to 2019 editions) that could let unauthenticated hackers gain 'Domain Admin' privileges on the targeted servers.

Details — thehackernews.com/2020/07/window…

#infosec
Researchers confirm the new #Windows vulnerability, dubbed 'SigRed,' is a wormable bug, allowing attackers to launch #malware attacks that can spread from one vulnerable computer to another without any human interaction.

#cybersecurity #sysadmins #microsoft #informationsecurity
If exploited, #SigRed Windows Server #vulnerability enables hackers to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials, and eventually compromise an organization's entire IT infrastructure.

thehackernews.com/2020/07/window…
Read 8 tweets
Profile picture
The Hacker News
@TheHackersNews
Beware #Android Users!

A new unpatched #vulnerability — dubbed Strandhogg — in Android could let malicious apps take extensive control over your device & steal your login credentials.

Details: thehackernews.com/2019/12/strand…

Dozens of apps are already exploiting this flaw in the wild.
@Swati_THN 1) #Phishing Attacks:

#Strandhogg task hijacking vulnerability can be exploited to display a fake user interface (UI) while tricking users into thinking they are using a legitimate app, making it easy for the malware to steal their credentials using spoofed login interfaces.
@Swati_THN 2) Fraudulently Requesting Permissions:

A malicious app can also escalate its capabilities significantly by tricking users into granting sensitive device permissions while posing as a legitimate app.

Read more: thehackernews.com/2019/12/strand…

#infosec #hacking #cybersecurity
Read 4 tweets

Embed code for your website

×
Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!