The Home of the Security Bloggers Network
Home » Security Bloggers Network » 
Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: another open-source platform is being used by cybercriminals. Also: the Black Basta ransomware gang takes credit for the attack on Maple Leaf Foods.
Docker Hub, a cloud-based container library, has become another example of an open-source platform being taken advantage of cybercriminals. Bleeping Computer reports that the library has over 1,600 images hiding malicious behavior. The malicious properties hidden include cryptocurrency miners, secrets leaks being used as backdoors, DNS hijackers, and website redirectors, according to researchers at Sysdig.
Many rely on Docker Hub to freely search for and download Docker images — templates for the simple creation of containers — from the platform’s public library. It also allows anyone to upload their creations to the public library, which is what these malicious actors have capitalized on. These cybercriminals have also used typosquatting — slightly changing the spelling of legitimate, safe images — to trick unaware users into downloading a malicious Docker image.
Sysdig scanned 250,000 unverified Linux images, yielding 1,652 malicious results. Among the malicious images, the majority of them were crypto-miners, with the second largest category being hidden, embedded secrets. Images with the purpose of crypto-mining were designed with malicious intent by threat actors, meanwhile images containing secrets leaks could have been a result of an organization posting them publicly on accident.
Similar to the security issues of open-source software repositories such as npm and PyPI, Docker Hub is struggling to keep an eye on its growing threat landscape. With the majority of images on the platform coming from public repositories, Docker Hub is unable to scrutinize every upload, leaving gaps in managing these kinds of threats.
Here are the stories we’re paying attention to this week…
LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.
The Black Basta ransomware group has taken credit for the recently disclosed attack on Canadian meat giant Maple Leaf Foods.
AppSec developers at Citi have pledged to open source a platform they have developed to protect software supply chains by automating continuous security checks on the software and libraries requested by developers.
Microsoft announced that built-in protection is generally available for all devices onboarded to Defender for Endpoint, the company’s endpoint security platform.
Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.
New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an “unexpected behavior” in the npm command line interface (CLI) tool.
*** This is a Security Bloggers Network syndicated blog from ReversingLabs Blog authored by Carolynn van Arsdale. Read the original post at: https://blog.reversinglabs.com/blog/the-week-in-security-docker-hub-leaks-secrets-black-basta-ransomware-gangs-up-on-retailer
More Webinars 
