NEWS

Malicious or Vulnerable Docker Images Widespread, Firm Says

A dynamic analysis of the publicly available images on Docker Hub found that 51% had critical vulnerabilities and about 6,500 of the 4 million latest images could be considered malicious. More than half of the latest images available on Docker Hub have critical vulnerabilities from outdated software, while thousands of images are attack tools or … Continue reading Malicious or Vulnerable Docker Images Widespread, Firm Says

VMware Releases Security Updates to Address CVE-2020-4006

VMware has released security updates to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0027.2 and apply the necessary … Continue reading VMware Releases Security Updates to Address CVE-2020-4006

Security Slipup Exposes Health Records & Lab Results

NTreatment failed to add password protection to a cloud server, exposing thousands of sensitive medical records online. NTreatment inadvertently exposed thousands of medical records online by neglecting to add password protection to one of its cloud servers, TechCrunch reports. The health technology company, which handles electronic health records for doctors, had put 109,000 files in … Continue reading Security Slipup Exposes Health Records & Lab Results

Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

Researchers have discovered a previously undocumented backdoor and document stealer, which they have linked to the Russian-speaking Turla advanced persistent threat (APT) espionage group. The malware, which researchers call “Crutch,” is able to bypass security measures by abusing legitimate tools – including the file-sharing service Dropbox – in order to hide behind normal network traffic. … Continue reading Turla’s ‘Crutch’ Backdoor Leverages Dropbox in Espionage Attacks

Misconfigured Docker Servers Under Attack by Xanthe Malware

Researchers have discovered a Monero cryptomining botnet they call Xanthe, which has been exploiting incorrectly configured Docker API installations in order to infect Linux systems. Xanthe was first discovered in a campaign that employed a multi-modular botnet, as well as a payload that is a variant of the XMRig Monero cryptocurrency miner. Researchers said that … Continue reading Misconfigured Docker Servers Under Attack by Xanthe Malware


No comments to show.