HackDig : Dig high-quality web security articles for hackers

How to monitor Istio, the Kubernetes service mesh

In this article, we are going to deploy and monitor Istio over a Kubernetes cluster. Istio is a service mesh platform that offers advanced routing, balancing, security, and high availability features, plus Prometheus-style metrics for your services out-of-the-box. What is Istio? Istio is a platform used to interconnect microservices. It provides advance
Publish At:2020-09-30 11:35 | Read:224 | Comments:0 | Tags:AWS DCOS Docker Google Cloud IBM Cloud Kubernetes OpenShift

TeamTNT is the first cryptomining bot that steals AWS credentials

Security researchers have discovered a new crypto-mining botnet, dubbed TeamTNT, that is able to steal AWS credentials from infected servers. Security firm Cado Security reported that the TeamTNT botnet is the first one that is able to scan and steal AWS credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since A
Publish At:2020-08-18 06:26 | Read:360 | Comments:0 | Tags:Breaking News Cyber Crime Malware botnet Docker Hacking hack

Doki, an undetectable Linux backdoor targets Docker Servers

Experts spotted an undetectable Linux malware that exploits undocumented techniques to evade detection and targets publicly accessible Docker servers. Cybersecurity researchers at Intezer spotted a new completely undetectable Linux malware, dubbed Doki, that exploits undocumented evasion techniques while targeting publicly accessible Docker servers. Th
Publish At:2020-07-29 09:05 | Read:479 | Comments:0 | Tags:Breaking News Cyber Crime Digital ID Hacking Malware botnet

New XORDDoS, Kaiji DDoS botnet variants target Docker servers

Operators behind XORDDoS and Kaiji DDoS botnets recently started targeting Docker servers exposed online, Trend Micro warns. Trend Micro researchers reported that operators behind XORDDoS and Kaiji DDoS botnets recently started targeting Docker servers exposed online. XORDDoS, also known as XOR.DDoS, first appeared in the threat landscape in 2014 it is
Publish At:2020-06-24 03:35 | Read:682 | Comments:0 | Tags:Breaking News Hacking Malware botnet Docker hacking news inf

XORDDoS, Kaiji Botnet Malware Variants Target Exposed Docker Servers 

Insights and analysis by Augusto Remillano II With additional analysis by Patrick Noel Collado and Karen Ivy Titiwa We have recently detected variants of two existing Linux botnet malware types targeting exposed Docker servers; these are XORDDoS malware (detected by Trend Micro as Backdoor.Linux.XORDDOS.AE) and Kaiji DDoS malware (detected by Trend Micro as
Publish At:2020-06-23 02:01 | Read:683 | Comments:0 | Tags:Botnets Cloud botnet DDoS Docker Kaiji XORDDoS DDOS

Experts found a Privilege escalation issue in Docker Desktop for Windows

A severe privilege escalation vulnerability, tracked as CVE-2020-11492, has been addressed in the Windows Docker Desktop Service. Cybersecurity researchers from Pen Test Partners publicly disclosed a privilege escalation vulnerability in the Windows Docker Desktop Service. The CVE-2020-11492 issue affects the way the service uses named pipes when com
Publish At:2020-05-24 12:16 | Read:574 | Comments:0 | Tags:Breaking News Hacking Docker information security news it se

Hackers target Docker servers to deploy the new Kinsing cryptocurrency miner

Experts uncovered a hacking campaign that is breaching Docker clusters to deploy a new crypto-mining malware tracked as Kinsing. Cloud security firm Aqua Security uncovered a hacking campaign carried out during the past months, hackers are scanning the Internet for Docker servers running API ports exposed without a password. Then the attackers break into
Publish At:2020-04-06 17:16 | Read:1026 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Malware Cryptocurrency min

Misconfigured Docker API Ports Targeted by Kinsing Malware

Security researchers observed an attack campaign that targeted misconfigured Docker API ports with samples of Kinsing malware. According to Aqua Security, the campaign began when it capitalized on an unprotected Docker API port to run a Ubuntu container. The command used for creating the Ubuntu container included a shell script “d.sh.” By means of
Publish At:2020-04-06 16:53 | Read:951 | Comments:0 | Tags:Cloud Latest Security News Docker Kinsing malware

Understanding Kubernetes pod evicted and scheduling problems

Pod evicted and scheduling problems are side effects of Kubernetes limits and requests, usually caused by a lack of planning. Beginners tend to think limits are optional, and merely an obstacle for your stuff to run. Why should I set a limit if I can have no limits? I may need all CPU eventually. With this way of thinking Kubernetes wouldn’t hav
Publish At:2020-01-23 23:50 | Read:865 | Comments:0 | Tags:Docker Kubernetes OpenShift Sysdig Monitor

Image Scanning with Github Actions

In this blog post, you will learn how to set up image scanning with Github Actions using Sysdig Secure DevOps Platform. We will create a basic workflow to perform a local scan to detect vulnerabilities and bad practices before the image is pushed to any registry. We will also customize scanning policies to stop the build according to a set of defined rules.
Publish At:2020-01-14 23:50 | Read:1004 | Comments:0 | Tags:Sysdig Secure Docker Github Github Actions Kubernetes

Why Running a Privileged Container in Docker Is a Bad Idea

By David Fiser and Alfredo Oliveira Privileged containers in Docker are, concisely put, containers that have all of the root capabilities of a host machine, allowing the ability to access resources which are not accessible in ordinary containers. One use case of a privileged container is running a Docker daemon inside a Docker container; another is where the
Publish At:2019-12-20 14:35 | Read:3466 | Comments:0 | Tags:Cloud Container Security Docker Privileged Container

TROOPERS20 Training Teaser: Swim with the whales – Docker, DevOps & Security in Enterprise Environments

Containerization dominates the market nowadays. Fancy buzzwords like continuous integration/deployment/delivery, microservices, containers, DevOps are floating around, but what do they mean? What benefits do they offer compared to the old dogmas? You’re gonna find out in our training! We are going to start with the basics of Docker, Containers and DevO
Publish At:2019-12-02 05:15 | Read:1767 | Comments:0 | Tags:Misc DevOps Docker K8 kubernetes TROOPERS TROOPERS20

Graboid Cryptojacking Worm Has Struck Over 2K Unsecured Docker Hosts

Researchers discovered a new cryptojacking worm called “Graboid” that has spread to more than 2,000 unsecured Docker hosts. In its research, Palo Alto Networks’ Unit 42 team noted that it’s the first time it’s discovered a cryptojacking worm specifically using containers in the Docker Engine for distribution. (It’s not the
Publish At:2019-10-18 10:10 | Read:1579 | Comments:0 | Tags:IT Security and Data Protection Latest Security News cryptoj

“TorWitness” Docker Container: Automated (Tor) Websites Screenshots

The idea of this Docker container came after reading the excellent Micah Hoffman’s blog post: Dark Web Report + TorGhost + EyeWitness == Goodness. Like Micah, I’m also receiving a daily file with new websites discovered on the (dark|deep) web (name it as you prefer). This service is provided by @hunchly Twitter account. Once a day, you get an XLS
Publish At:2017-10-25 15:50 | Read:5020 | Comments:0 | Tags:Docker Software Tor Website

[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data”. When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximately one year ago, I wrote a qui
Publish At:2017-09-28 08:00 | Read:3596 | Comments:0 | Tags:Docker SANS Internet Storm Center Security Moloch network pc