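IT Home, December 11: Cybersecurity firm Flare published a report yesterday (December 10) stating that its researchers, after scanning Docker Hub in November, found more than 10,000 container images leaking sensitive data, including production system credentials, CI/CD database passwords, and AI model keys (such as OpenAI and HuggingFace). In November, the company's researchers scanned ...
The JFrog Security Research team recently discovered and reported a serious security incident: an access token with administrator privileges was accidentally leaked in a public Docker container hosted on Docker Hub. The token could access the GitHub repositories of Python, PyPI, and the Python Software Foundation (PSF). As a service to the online community, the JFrog Security Research team continuously scans ...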
Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious ...
A vulnerability on Docker Hub allowed admin access to the Python Package Index (PyPI) and the injection of malicious code. The JFrog Security Research Team recently identified and mitigated a critical ...
Scrubbing tokens from source code is not enough, as shown by the publishing of a Python Software Foundation access token with administrator privileges to a container image on Docker Hub. A personal ...
New research reveals the scale at which criminals have exploited public open-source Docker repositories to plant malware among container images. A new security analysis of the 4 million container ...
The Docker team has pulled 17 Docker container images that have been backdoored and used to install reverse shells and cryptocurrency miners on users' servers for the past year. The malicious Docker ...