RL Blog
|

The Week in Security: Docker Hub leaks secrets, Black Basta ransomware gangs up on retailer

Carolynn van Arsdale
Blog Author

Carolynn van Arsdale, Writer, ReversingLabs. Read More...

docker-hub-secrets-leak

Welcome to the latest edition of The Week in Security, which brings you the newest headlines from both the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: another open-source platform is being used by cybercriminals. Also: the Black Basta ransomware gang takes credit for the attack on Maple Leaf Foods. 

This Week’s Top Story

Typosquatting and secrets leaks are plaguing Docker Hub repositories

Docker Hub, a cloud-based container library, has become another example of an open-source platform being taken advantage of cybercriminals. Bleeping Computer reports that the library has over 1,600 images hiding malicious behavior. The malicious properties hidden include cryptocurrency miners, secrets leaks being used as backdoors, DNS hijackers, and website redirectors, according to researchers at Sysdig. 

Many rely on Docker Hub to freely search for and download Docker images — templates for the simple creation of containers — from the platform’s public library. It also allows anyone to upload their creations to the public library, which is what these malicious actors have capitalized on. These cybercriminals have also used typosquatting — slightly changing the spelling of legitimate, safe images — to trick unaware users into downloading a malicious Docker image. 

Sysdig scanned 250,000 unverified Linux images, yielding 1,652 malicious results. Among the malicious images, the majority of them were crypto-miners, with the second largest category being hidden, embedded secrets. Images with the purpose of crypto-mining were designed with malicious intent by threat actors, meanwhile images containing secrets leaks could have been a result of an organization posting them publicly on accident. 

Similar to the security issues of open-source software repositories such as npm and PyPI, Docker Hub is struggling to keep an eye on its growing threat landscape. With the majority of images on the platform coming from public repositories, Docker Hub is unable to scrutinize every upload, leaving gaps in managing these kinds of threats. 

News Roundup

Here are the stories we’re paying attention to this week…    

Lastpass says hackers accessed customer data in new breach (Bleeping Computer)

LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.

Ransomware gang takes credit for Maple Leaf Foods hack (Security Week) 

The Black Basta ransomware group has taken credit for the recently disclosed attack on Canadian meat giant Maple Leaf Foods.

Citi shows continuous secure ingestion for software packages (The New Stack)

AppSec developers at Citi have pledged to open source a platform they have developed to protect software supply chains by automating continuous security checks on the software and libraries requested by developers.

Microsoft Defender boosts default protection for all enterprise users (Bleeping Computer)

Microsoft announced that built-in protection is generally available for all devices onboarded to Defender for Endpoint, the company's endpoint security platform.

Hackers using trending TikTok 'Invisible Challenge' to spread malware (The Hacker News)

Threat actors are capitalizing on a popular TikTok challenge to trick users into downloading information-stealing malware, according to new research from Checkmarx.

Researchers find a way malicious npm libraries can evade vulnerability detection (The Hacker News)

New findings from cybersecurity firm JFrog show that malware targeting the npm ecosystem can evade security checks by taking advantage of an "unexpected behavior" in the npm command line interface (CLI) tool.

Keep learning


Explore RL's Spectra suite: Spectra Assure for software supply chain security, Spectra Detect for scalable file analysis, Spectra Analyze for malware analysis and threat hunting, and Spectra Intelligence for reputation data and intelligence.

More Blog Posts

Do More With Your SOAR

Do More With Your SOAR

Running an SOC is complex — and running without the best tools makes it more difficult. Learn how RL File Enrichment can automate and bolster your SOC.
Read More