Docker Hub, The Backdoor

Dan Goodin, writing at Ars Technica, reported. last week of the backdooring of the Docker Hub by compromised Docker images placed on the site. Apparently, all is well now, as the backdoored image has been removed (after five solid months of public complaints)… The takeaway? Timely Security Hygiene Is A Crucial Attribute For Success Docker Hub Admins!

“Neither the Docker Hub account nor the malicious images it submitted were taken down. Over the coming months, the account went on to submit 14 more malicious images. The submissions were publicly called out two more times, once in January by security firm Sysdig and again in May by security company Fortinet. Eight days after last month’s report, Docker Hub finally removed the images.” – via Dan Goodin, writing at everyone’s beloved Ars Technica

*** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://www.infosecurity.us/blog/2018/6/26/docker-hub-compromised