Tag Archive for: pushing

Millions of Docker Hub Repositories Found Pushing Malware


Almost one-fifth of the repositories on Docker Hub, the platform developers use to store and share container images, have been found to be vehicles for malware and phishing scams rather than for legitimate software.

This is a concerning discovery for users who rely on Docker Hub to access and distribute secure software.

The discovery, made by JFrog's security research team, shows how attackers trade on the credibility of a trusted registry: a link on a Docker Hub page looks legitimate, which makes the phishing and malware-delivery attempts behind it harder to spot.

Docker Hub, a central piece of the software development landscape, hosts almost three million malicious repositories, some of them active for more than three years.

This extensive misuse of the platform calls for enhanced moderation and vigilance to safeguard the integrity of the software ecosystem.

Malicious Docker Hub Containers

JFrog’s security research team has been proactively monitoring open-source software registries as part of its continuous endeavor to fortify the software ecosystem.

Their efforts have previously uncovered malware packages on other major public repositories such as NPM, PyPI, and NuGet. The recent investigation into Docker Hub has unearthed three large-scale malware campaigns that cleverly planted millions of “imageless” repositories.

These repositories hold no container image at all; their only content is the repository page itself, whose description and links steer unsuspecting users to malware downloads or phishing sites.
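As an added example (not JFrog's research tooling and not Docker's own code), the following Python script triages a repository for the pattern just described. It assumes the field names of Docker Hub's v2 API responses for a repository (`full_description`, `pull_count`) and its tag list (`count`), and it runs on constructed sample JSON embedded in the file, so nothing is fetched from the network.

```python
"""Triage Docker Hub repositories for the 'imageless repo with external links' pattern.

Added example. Assumed API shapes (not verified here):
  /v2/repositories/{ns}/{name}/       -> dict with 'namespace', 'name',
                                          'full_description', 'pull_count'
  /v2/repositories/{ns}/{name}/tags/  -> dict with 'count' and 'results'
"""
import json
import re
from urllib.parse import urlparse

# Hosts treated as benign when they appear in a repository description.
# This allow-list is an assumption for the demo; tune it for your environment.
TRUSTED_HOSTS = {"docker.com", "github.com"}

URL_RE = re.compile(r"https?://[^\s)\]>\"']+")


def external_links(text):
    """Return links in a description whose host is not on the trusted list."""
    found = []
    for url in URL_RE.findall(text or ""):
        host = (urlparse(url).hostname or "").lower()
        trusted = any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)
        if not trusted:
            found.append(url)
    return found


def triage(repo, tags):
    """Classify one repository from its detail and tag-list responses.

    'imageless'  : no tags, so there is nothing to pull; the page is the payload.
    'suspicious' : imageless AND the description links off the trusted hosts.
    """
    imageless = tags.get("count", 0) == 0
    links = external_links(repo.get("full_description", ""))
    if imageless and links:
        verdict = "suspicious"
    elif imageless:
        verdict = "imageless"
    else:
        verdict = "ok"
    return {
        "name": f"{repo['namespace']}/{repo['name']}",
        "imageless": imageless,
        "external_links": links,
        "pull_count": repo.get("pull_count", 0),
        "verdict": verdict,
    }


# Constructed sample responses; none of these are real Docker Hub repositories.
SAMPLE = [
    (
        {"namespace": "acme-ebooks", "name": "free-ebook-download",
         "full_description": "# Free eBook\n\nDownload here: https://ebook-cdn.example/get?id=1",
         "pull_count": 0},
        {"count": 0, "results": []},
    ),
    (
        {"namespace": "library", "name": "nginx",
         "full_description": "Docs at https://docs.docker.com/ and https://github.com/nginx/nginx",
         "pull_count": 5000000},
        {"count": 3, "results": [{"name": "latest"}, {"name": "1.25"}, {"name": "alpine"}]},
    ),
    (
        {"namespace": "someuser", "name": "placeholder",
         "full_description": "", "pull_count": 0},
        {"count": 0, "results": []},
    ),
]


def run_samples():
    """Triage every constructed sample and return the verdict rows."""
    return [triage(repo, tags) for repo, tags in SAMPLE]


if __name__ == "__main__":
    for row in run_samples():
        print(json.dumps(row))
```

The check is deliberately cheap: a repository with zero tags cannot be pulled, so any value it offers a visitor lives in its description, and an off-registry link there is the thing to look at. In a real sweep you would feed `triage` the two API responses per repository and review the `suspicious` rows, which is the same signal the campaigns above rely on.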

The distribution of these malicious repositories follows distinct patterns. The “Downloader” and “eBook Phishing” campaigns…

Source…

Top US Cyber Agency Pushing Toward First Hack Reporting Rule


A new US notification requirement for victims of malicious hacks could push in-house counsel to disclose cyberattacks when faced with ransomware and other network compromises.

Among the first-ever cyber regulations to be enforced by the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the top US cyber authority, the proposed rules would require companies in 16 critical infrastructure sectors—including healthcare, energy, and finance—to report security incidents within three days and ransomware payments in 24 hours.

CISA’s proposed rule is part of a US effort to shore up defenses against the increasingly disruptive attacks of cyber criminals and nation-backed hacking groups, while simultaneously streamlining overlapping and inconsistent breach-notification reporting requirements across sectors. The rule would nudge companies toward new hiring and staff retraining, and push general counsel toward more active cybersecurity responsibilities.

The Biden administration set December 2025 as the deadline for the final rule, which was mandated in the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

“One glaring challenge has been our cyber incident reporting system, which has recently been revealed as a bureaucratic maze,” said Jackie Singh, a consultant who was a senior cybersecurity staffer in the Biden campaign. “With over 50 disparate reporting channels scattered across numerous government entities, this broken system represents a potential Achilles’ heel. Agility is key to withstand cyber threats in a resilient manner; convoluted reporting structures don’t fit into what we commonly think of as ‘agile.’”

Companies only compound cyber threats when they delay reporting information that could protect other companies or national security, Singh said.

The agency’s new rule is designed to encourage greater visibility into cyber incidents with security implications beyond a single company, so information submitted in the breach reports is guaranteed certain protections.

Chief among those: local, state, and federal governments can’t use the information in the reports to regulate a company providing notice, unless…

Source…

Qakbot hackers now pushing Cyclops/Ransom Knight ransomware, Cisco says


The hackers behind the Qakbot malware have shifted their focus to distributing ransomware, according to security researchers.

The report comes just weeks after law enforcement agencies in the U.S., France, Germany, the Netherlands, the United Kingdom, Romania, and Latvia joined forces to take down Qakbot — one of the most prolific and longest-running botnets.

The agencies not only shut down Qakbot’s computer infrastructure but also proactively removed the malware from infected devices.

On Thursday, researchers from Cisco Talos said that even though the Qakbot malware infrastructure was dismantled, the hackers behind it have been able to keep their distribution tools intact, now using them to spread variants of the Cyclops/Ransom Knight ransomware as well as backdoor malware.

The researchers said the malicious files’ names indicate that the ransomware is being distributed using phishing emails, matching tactics used in past Qakbot campaigns. Some file names are written in Italian, leading Cisco Talos researchers to believe that people in Europe are being targeted.

“The threat actors behind the Qakbot malware have been conducting a campaign since early August 2023 in which they have been distributing Ransom Knight ransomware and the Remcos backdoor via phishing emails,” they said.

“Notably, this activity appeared to begin before the FBI seized Qakbot infrastructure in late August and has been ongoing since, indicating the law enforcement operation may not have impacted Qakbot operators’ spam delivery infrastructure but rather only their command and control (C2) servers.”

Metadata in the malicious files also yielded information about the machines used to build them, which the researchers said matched machines seen in earlier Qakbot campaigns.

They warned that Qakbot will “likely continue to pose a significant threat moving forward, as the developers were not arrested and Talos assesses they are still operational, opening the possibility that they may choose to rebuild the Qakbot infrastructure.”

Never completely gone

The August operation against Qakbot involved the seizure of infrastructure and cryptocurrency assets used by the group. But almost immediately, experts…

Source…

Chinese report on suspected NSA hack shows Beijing pushing back


For years, Washington has accused Beijing of instigating cyberattacks against the US and its allies. Now, a Chinese cybersecurity firm says it has identified hacking within China by a group linked to the National Security Agency, hinting at a rethink of how Beijing handles its geopolitical rival.

Chinese officials and companies like Huawei Technologies Co have often responded to US accusations in the past by declaring America the worst cyber-offender of all, pointing in particular to Edward Snowden’s revelations about US espionage.

But this week, Pangu Lab said it discovered US-sponsored hacking activity on Chinese soil. It said it found malware in domestic IT systems it claims was created by hacking group Equation, which is “generally believed” to be linked to the US National Security Agency. In a report issued Feb 23 and covered by the Communist Party-backed Global Times, Pangu Lab said the malware, called Bvp47, had been discovered within “a key Chinese department” in 2013 and 2015. Pangu Lab claimed the malware infiltrated systems to monitor and track key institutions in 45 countries around the world, including US allies, in a campaign that lasted 10 years.

The report marked a departure from Beijing’s typical stance. Faced with allegations of hacking, China has routinely denied the behaviour and labelled the US an “empire of hackers”. Beijing responded to recent reporting that Chinese spies used Huawei to hack an Australian telecommunications network by calling the accusations an “arbitrary smear”, “groundless” and “irresponsible”.

But the effectiveness of that approach has been questioned, including by former Global Times editor-in-chief Hu Xijin. In a recent WeChat post, the widely followed journalist said Chinese officials have been unwilling to provoke their geopolitical rivals and that their tactic of relying heavily on statistics was ineffective.

“It is dry,” he wrote on Feb 21. “When have you ever seen a fresh face in China, facing the camera and angrily scolding Washington: The cyber hackers you support attacked our computer system!”

That might be…

Source…