• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   DevOps

CVE-2019-16928: Exploiting an Exim Vulnerability via EHLO Strings

  • Posted on:October 10, 2019 at 6:00 am
  • Posted in:Vulnerabilities
  • Author:
    Trend Micro
0

In September, security researchers discovered the existence of CVE-2019-16928, a vulnerability involving the mail transfer agent Exim. Exim accounts for over 50% of publicly reachable mail servers on the internet. What makes the bug particularly noteworthy is that threat actors could exploit it to perform denial of service (DoS) or possibly even remote code execution attacks (RCE) — making it a serious concern for Exim customers who use vulnerable versions of the software.

Read More
Tags: DevOps

Infected Cryptocurrency-Mining Containers Target Docker Hosts With Exposed APIs, Use Shodan to Find Additional Victims

  • Posted on:May 30, 2019 at 5:10 am
  • Posted in:Malware
  • Author:
    Alfredo Oliveira (Senior Threat Researcher)
0

We discovered a Docker Hub repository that has been sending infected cryptocurrency-mining containers to hubs with publicly exposed APIs. Some of the images within the repository contained a Shodan script that identified potential targets for further distribution.

Read More
Tags: Containercryptocurrency minerDevOpsDocker

Exposed Docker Control API and Community Image Abused to Deliver Cryptocurrency-Mining Malware

  • Posted on:March 1, 2019 at 5:01 am
  • Posted in:Malware
  • Author:
    Alfredo Oliveira (Senior Threat Researcher)
0

Through data analysis of the container honeypots we’ve set up to monitor threats, we’ve uncovered notable activities of undesired or unauthorized cryptocurrency miners being deployed as rogue containers using a community-contributed container image published on Docker Hub. The image is being abused as part of a malicious service that delivers cryptocurrency-mining malware. Networking tools are retrieved to carry out lateral movement on other exposed containers and applications.

The activities we uncovered are also significant in that they don’t need to exploit vulnerabilities and don’t depend on any version of Docker. Identifying a misconfigured and thus exposed container image is all it could take for attackers to infect many exposed hosts.

Read More
Tags: DevOpsDockerMisconfiguraton

Misconfigured Container Abused to Deliver Cryptocurrency-mining Malware

  • Posted on:October 25, 2018 at 1:56 pm
  • Posted in:Exploits, Malware
  • Author:
    Trend Micro
0

We recently observed cases of abuse of the systems running misconfigured Docker engine with Docker application program interface (API) ports exposed. We also noticed that the malicious activities were focused on scanning for open ports 2375/TCP and 2376/TCP, which are used by the Docker engine daemon (dockerd). The intrusion attempts to deploy a cryptocurrency-mining malware (detected by Trend Micro as Coinminer.SH.MALXMR.ATNE) on the misconfigured systems.

Docker implements virtualization on the operating-system (OS) level — also known as containerization. The Docker APIs, in particular, allow remote users to control Docker images like a local Docker client does. Opening the API port for external access is not recommended, as it can allow hackers to abuse this misconfiguration for malicious activities.

Read More
Tags: cloudContainerDevOpsDocker

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

Sorry. No data so far.

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.