Hey, Docker users, check your shit. If you have publicly-accessible Docker API ports, you're doing it wrong.

"The Docker remote API listens on ports 2735 / 2736. By default, the remote API is only accessible from the loopback interface (“localhost”, “127.0.0.1”), and should not be available from external sources."

Attackers are targeting misconfigured cloud-based Docker instances running on Linux distributions with an undetectable strand of malware.

@ScottMortimer uhhh but assume this is mitigated when you TLS encrypt the API end-point for remote connections?

Hey, whatever mitigation secures the system is a good one! :ablobcool:
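
An added example, not part of the thread or any poster's code: a check of a Docker `daemon.json` for TCP listeners bound beyond loopback, separating listeners that require client certificates (`tlsverify`) from those that do not. The sample config and its port numbers are constructed, and listeners set with `-H` on the dockerd command line are not covered.

```python
import ipaddress
import json
from urllib.parse import urlsplit

def is_loopback(host):
    """True for localhost and loopback IPs; False for wildcards, names, other IPs."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def audit_daemon_config(text):
    """Return (host_entry, finding) pairs for non-loopback TCP listeners."""
    cfg = json.loads(text)
    # "tls" alone encrypts the channel; only "tlsverify" makes the daemon
    # demand a client certificate signed by the configured CA.
    client_auth = bool(cfg.get("tlsverify"))
    findings = []
    for entry in cfg.get("hosts", []):
        url = urlsplit(entry)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not network listeners
        host = url.hostname or ""  # "tcp://:PORT" binds every interface
        if is_loopback(host):
            continue
        if client_auth:
            findings.append((entry, "remote listener, client certificate required"))
        else:
            findings.append((entry, "EXPOSED: remote listener without tlsverify"))
    return findings

# Constructed sample config, not taken from any real host.
SAMPLE = """{
  "hosts": ["unix:///var/run/docker.sock",
            "tcp://127.0.0.1:2375",
            "tcp://0.0.0.0:2375"],
  "tls": true
}"""

if __name__ == "__main__":
    for entry, finding in audit_daemon_config(SAMPLE):
        print(f"{entry}: {finding}")
```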
