A newly discovered and heavily exploited Docker host vulnerability has allowed hundreds of websites to be illegally accessed and injected with a cryptocurrency miner.
The flaw, CVE-2019-5736, allows an attacker to gain host root access from the Docker container through the remote Docker API. Normally, the Docker API allows admins to control a remote Docker host, including automating the deployment process and controlling and getting the state of your containers, but if it is accessed by an attacker, a network can be compromised, said Imperva researchers Vitaly Simonovich and Ori Nakar in a new report.
In this case, Imperva found that the exposed Docker remote API has been taken advantage of by hundreds of attackers, with many using the access to mine Monero, while others are running production environments of MySQL database servers, Apache Tomcat, and others.