Docker
How to Publish Docker Images on a Private Nexus Repository Using Jib Maven Plugin
How to create a Nexus repository manager using HTTP and how to set up a Docker repository to publish Docker images using the jib plugin. In this exercise, we are going to ...
Misconfigured Docker API Ports Targeted by Kinsing Malware
Security researchers observed an attack campaign that targeted misconfigured Docker API ports with samples of Kinsing malware. According to Aqua Security, the campaign began when it capitalized on an unprotected Docker API ...
Community Updates: Nancy Has a New Ship, and Found oysteRs
The community team at Sonatype has been working hard on upgrading docker-nancy from a Post Panamax cargo ship to a new and improved Triple E vessel. (See the diagram below). As a ...
PSA: Beware of Exposing Ports in Docker
Docker is an awesome technology, and it’s prevalent in nearly every software developer’s workflow. It is useful for creating identical environments and sharing them between development, testing, production, and others. It’s a ...
Nancy, on a Boat! (Announcing Nancy for Docker)
Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal ...
Graboid Cryptojacking Worm Has Struck Over 2K Unsecured Docker Hosts
Researchers discovered a new cryptojacking worm called “Graboid” that has spread to more than 2,000 unsecured Docker hosts. In its research, Palo Alto Networks’ Unit 42 team noted that it’s the first ...
Nexus Repository Now Supports APT
Beginning with version 3.17, Nexus Repository Manager supports APT (Advanced Package Tool) repositories. APT is a set of tools used to search, install, and manage packages on Debian, Ubuntu, and similar Linux ...
Go Behind the Scenes of a Docker Cryptojacking Attack
When Threat Stack security analyst Ethan Hansen saw an alert in a customer’s environment that read /temp [RANDOM] cnrig, he knew his afternoon was about to get interesting. As part of his ...
Hundreds of Vulnerable Docker Hosts Exploited by Cryptocurrency Miners
Docker is a technology that allows you to perform operating system level virtualization. An incredible number of companies and production hosts are running Docker to develop, deploy and run applications inside containers ...
Container Escape Vulnerability Puts Cloud Infrastructure at Risk
A serious vulnerability in runC, a tool used to spawn and run Linux containers, allows attackers to break out of containerized environments and gain full access to the underlying servers. RunC is ...