CrowdStrike security researchers discovered two Docker images with over 150,000 downloads that were used to launch distributed denial-of-service (DDoS) attacks on a dozen Russian and Belarusian websites operated by government, military, and press organisations from February to March 2022. CrowdStrike discovered that two malicious images named "Erikmnkl/stoppropaganda" and "Abagayev/stop-Russia", retrieved directly from the Docker Hub repository, attacked its honeypots via exposed Docker Engine APIs. Initially, the targets for the DDoS attacks were chosen at random, but subsequent versions of the images added time-based selection and a hardcoded list of targets that were hit in one-hour strikes. The Docker images contain bombardier, a Go-based HTTP benchmarking tool for stress-testing websites with HTTP requests, which was abused as a DoS tool whenever a new container based on the image was created. Targeting unprotected Docker APIs is nothing new; cryptocurrency mining gangs such as Lemon Duck and TeamTNT have been targeting exposed Docker APIs for years. Unfortunately, there are many poorly configured or poorly protected Docker deployments out there, making it simple for threat actors to exploit the resources.
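As an added example (not CrowdStrike's code or anything from the article), two defender-side checks that follow from the report: whether the Docker daemon exposes its API on a plain TCP listener, and whether any running container uses one of the two reported images or invokes bombardier. The daemon.json fragment and the container records (shaped like the Engine API's /containers/json output) are constructed sample data.

```python
import json
from typing import Dict, List

# Repository names reported in the article. Docker Hub normalises repository
# names to lower case, so comparisons are done case-insensitively.
KNOWN_DDOS_IMAGES = {"erikmnkl/stoppropaganda", "abagayev/stop-russia"}

# Constructed sample daemon.json: the Unix socket plus an unauthenticated TCP listener.
SAMPLE_DAEMON_JSON = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed sample container listing (subset of /containers/json fields).
SAMPLE_CONTAINERS = [
    {"Id": "c1", "Image": "nginx:1.25", "Command": "nginx -g 'daemon off;'"},
    {"Id": "c2", "Image": "abagayev/stop-Russia:latest", "Command": "/bin/sh -c ./run.sh"},
    {"Id": "c3", "Image": "alpine:3.19", "Command": "bombardier http://target.invalid"},
]


def exposed_api_listeners(daemon_json: str) -> List[str]:
    """Return tcp:// hosts from daemon.json that are served without TLS client
    verification. Such a listener lets anyone who can reach the port create
    containers, which is how the reported images reached CrowdStrike's honeypots."""
    cfg = json.loads(daemon_json)
    if cfg.get("tlsverify") is True:
        return []
    return [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]


def suspicious_containers(containers: List[Dict]) -> List[Dict]:
    """Flag containers that run a reported DDoS image or start bombardier,
    the HTTP load-testing tool the images abused."""
    hits = []
    for c in containers:
        # Strip the tag (":latest"); registry-with-port prefixes are out of scope here.
        image = c.get("Image", "").lower().split(":")[0]
        reasons = []
        if image in KNOWN_DDOS_IMAGES:
            reasons.append("known DDoS image")
        if "bombardier" in c.get("Command", ""):
            reasons.append("bombardier in entrypoint")
        if reasons:
            hits.append({"id": c.get("Id"), "image": c.get("Image"), "reasons": reasons})
    return hits


if __name__ == "__main__":
    print("exposed listeners:", exposed_api_listeners(SAMPLE_DAEMON_JSON))
    for hit in suspicious_containers(SAMPLE_CONTAINERS):
        print("suspicious:", hit)
```

Against a live host, feed `exposed_api_listeners` the contents of /etc/docker/daemon.json and `suspicious_containers` the JSON returned by `docker ps --format` or the Engine API.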