CyberSecurityBoard
Sponsor Register Login

Cybercrooks Target Docker Containers With Novel Pageview Generator

Container-focused cyberattackers have a brand-new type of payload: a gray-area traffic-generating tool that creates artificial page views for websites, known as the 9hits Traffic Exchange.
The app loads a chosen webpage a certain number of times, thus generating page views - even though there are no actual eyeballs taking in the target site's content.
9hits might be a little shady, being used to inflate a site's actual visitor engagement numbers in a quest for luring advertisers - but its use is not illegal.
Unless, of course, it's being planted into an organization's infrastructure without consent, thus stealing compute resources.
Cado says the attackers in a fresh campaign are targeting vulnerable Docker services to deploy two separate containers: an XMRig cryptominer and 9hits.
The former is a well-known malicious payload, but the latter is entirely novel, the researchers said.
Once visited, the session owner is awarded a credit on the 9hits platform.
The credits can then be turned into traffic to the attacker's site of choice, which in turn can be monetized in any number of creative ways, including selling it to an ad network.


This Cyber News was published on www.darkreading.com. Publication date: Thu, 18 Jan 2024 20:20:10 +0000


Cyber News related to Cybercrooks Target Docker Containers With Novel Pageview Generator

What Is Container Security? Definition, Benefits, and Risks - Container security is a vital factor for all companies that use containers for running their software, as an alternative to using virtual machines. Container security is a total of policies and tools that are applied to maintain a container running ...
1 year ago Heimdalsecurity.com
Docker Image Building Best Practices - Starting with a basic, minimum image is essential when creating Docker images. They let you utilize numerous Docker images throughout the build process, which helps to reduce the size of the final image by removing unneeded build artifacts. Docker ...
1 year ago Feeds.dzone.com
10 reasons why securing software supply chains needs to start with containers - Containers and Kubernetes are table stakes for multi-cloud app development, and they're also among the least protected of any areas of software supply chains. Kubernetes commands 92% of the container orchestration platform market, despite DevOps ...
10 months ago Venturebeat.com
New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet - On vulnerable endpoints, the Docker API is used to spawn an Alpine container and then retrieve an initialization shell script (init.sh) from a remote server ("solscan[.]live") that, in turn, checks if it's running as the root user and tools like curl ...
2 months ago Thehackernews.com
Enabling Peer Pods on IBM Z and LinuxONE with Red Hat OpenShift sandboxed containers - Red Hat OpenShift sandboxed containers version 1.5.0, introduces Peer Pods to IBM Z and LinuxONE. This update is the product of a cooperation between IBM and Red Hat, and is an important step in improving sandboxed containers, paving the way for ...
10 months ago Redhat.com
Cybercrooks Target Docker Containers With Novel Pageview Generator - Container-focused cyberattackers have a brand-new type of payload: a gray-area traffic-generating tool that creates artificial page views for websites, known as the 9hits Traffic Exchange. The app loads a chosen webpage a certain number of times, ...
11 months ago Darkreading.com
CVE-2024-29018 - Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP ...
9 months ago
Python Malware Poses DDoS Threat Via Docker API Misconfiguration - Security researchers have identified a new cyber-threat targeting publicly exposed instances of the Docker Engine API. In this campaign, attackers exploit misconfigurations to deploy a malicious Docker container with Python malware compiled as an ELF ...
1 year ago Infosecurity-magazine.com
Best Password Generators of 2024 to Secure Your Accounts - Overview of best password generators to secure online accounts. We have various password generators to help us protect our accounts and practical barriers to protect our sensitive information. We have compiled this list of the best password ...
6 months ago Cyberdefensemagazine.com
A Handbook for Managing Containers on Amazon Web Services - Container management is a way to help you create, govern, and maintain your containers. There are tools and services available that can automate the creation, deployment, maintenance, scaling, and monitoring of application or system containers. In ...
1 year ago Trendmicro.com
New Malware Campaign Exploits 9hits in Docker Assault - Security researchers have uncovered a novel cyber-attack campaign targeting vulnerable Docker services. The attacks mark the first documented case of malware utilizing the 9hits application as a payload. Discovered by Cado Security Labs, the campaign ...
11 months ago Infosecurity-magazine.com
Leaky Vessels flaws allow hackers to escape Docker, runc containers - The flaws were discovered by Snyk security researcher Rory McNamara in November 2023, who reported them to impacted parties for fixing. Snyk has found no signs of active exploitation of the Leaky Vessels flaws in the wild, but the publicity could ...
10 months ago Bleepingcomputer.com
CVE-2023-0629 - Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the ...
1 year ago
Rootkit Turns Kubernetes from Orchestration to Subversion - As software development focuses on continuous integration and deployment, orchestration platforms like Kubernetes have taken off, but that popularity has put them in attackers' crosshairs. Most successful attacks - at least those publicly reported - ...
1 year ago Darkreading.com
CVE-2022-39321 - GitHub Actions Runner is the application that runs a job from a GitHub Actions workflow. The actions runner invokes the docker cli directly in order to run job containers, service containers, or container actions. A bug in the logic for how the ...
2 years ago
CVE-2022-24769 - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process ...
1 year ago
CVE-2022-39206 - Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a ...
2 years ago
Fortifying confidential computing in Microsoft Azure - I wrote about how Microsoft used Intel's secure extensions to its processor instruction sets to provide a foundation for confidential computing in Azure a few years ago. In the years since, the confidential computing market has taken a few steps ...
1 year ago Infoworld.com
CVE-2020-15257 - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the ...
2 years ago
Hackers Exploiting Docker Swarm, Kubernetes & SSH Servers In Large Scale - The primary goal was “cryptojacking,” using the XMRig miner to mine “Monero cryptocurrency.” The attackers showed advanced tactics by manipulating “Docker Swarm,” to create a botnet-like network of compromised ...
2 months ago Cybersecuritynews.com
CVE-2024-3177 - A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with ...
7 months ago
The state of container security: 5 key steps to locking down your releases - Over the last couple of years, the rise in software supply chain attacks has increased container security risks - and heightened the need for organizations to deploy controls for managing and mitigating those risks. As containers have become ...
11 months ago Securityboulevard.com
CVE-2021-41091 - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, ...
2 years ago
CVE-2024-29735 - Improper Preservation of Permissions vulnerability in Apache Airflow.This issue affects Apache Airflow from 2.8.2 through 2.8.3. ...
8 months ago
Security related Docker containers - SANS Internet Storm Center - Over the last 9 months or so, I've been putting together some docker containers that I find useful in my day-to-day malware analysis and forensicating. In a couple of cases, I just found it easier to create a docker container than try to remember ...
2 months ago Isc.sans.edu

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)