The Week in Security: Docker Hub leaks secrets, Black Basta ransomware gangs up on retailer

This week: another open-source platform is being used by cybercriminals. Also: the Black Basta ransomware gang takes credit for the attack on Maple Leaf Foods.

This Week’s Top Story

Typosquatting and secrets leaks are plaguing Docker Hub repositories

Docker Hub, a cloud-based container library, has become another example of an open-source platform being taken advantage of cybercriminals. Bleeping Computer reports that the library has over 1,600 images hiding malicious behavior. The malicious properties hidden include cryptocurrency miners, secrets leaks being used as backdoors, DNS hijackers, and website redirectors, according to researchers at Sysdig.

Many rely on Docker Hub to freely search for and download Docker images — templates for the simple creation of containers — from the platform’s public library. It also allows anyone to upload their creations to the public library, which is what these malicious actors have capitalized on. These cybercriminals have also used typosquatting — slightly changing the spelling of legitimate, safe images — to trick unaware users into downloading a malicious Docker image.

Sysdig scanned 250,000 unverified Linux images, yielding 1,652 malicious results. Among the malicious images, the majority of them were crypto-miners, with the second largest category being hidden, embedded secrets. Images with the purpose of crypto-mining were designed with malicious intent by threat actors, meanwhile images containing secrets leaks could have been a result of an organization posting them publicly on accident.

Similar to the security issues of open-source software repositories such as npm and PyPI, Docker Hub is struggling to keep an eye on its growing threat landscape. With the majority of images on the platform coming from public repositories, Docker Hub is unable to scrutinize every upload, leaving gaps in managing these kinds of threats.

News Roundup

Here are the stories we’re paying attention to this week…

Lastpass says hackers accessed customer data in new breach (Bleeping Computer)

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.

Ransomware gang takes credit for Maple Leaf Foods hack (Security Week)

The Black Basta ransomware group has taken credit for the recently disclosed attack on Canadian meat giant Maple Leaf Foods.

Citi shows continuous secure ingestion for software packages (The New Stack)

AppSec developers at Citi have pledged to open source a platform they have developed to protect software supply chains by automating continuous security checks on the software and libraries requested by developers.

Microsoft Defender boosts default protection for all enterprise users (Bleeping Computer)

Microsoft announced that built-in protection is generally available for all devices onboarded to Defender for Endpoint, the company's endpoint security platform.

Hackers using trending TikTok 'Invisible Challenge' to spread malware (The Hacker News)

Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.

Researchers find a way malicious npm libraries can evade vulnerability detection (The Hacker News)

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.