Written by Vladimir Remenar15.06.201915.06.2019

AESDDoS Botnet Malware iskorištava krivo konfiguriran Docker API

Kriva konfiguracija jednako je opasna kao i bilo koji vulnerability. U ovom slučaju ekipa, komfora radi, omogućava Docker API na portu 2375 dostup s javnog Interneta.

Napad kreće skenom porta, izlistava running kontejnere a zatim se deploya upotrebom “docker exec” naredbe. A onda kreće show.

https://blog.trendmicro.com/trendlabs-security-intelligence/aesddos-botnet-malware-infiltrates-containers-via-exposed-docker-apis/

Leave a ReplyCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.