Hey, Docker users, check your shit. If you have
publicly-accessible Docker API ports, you're doing it wrong.
"The Docker remote API listens on ports 2735 / 2736. By default, the remote API is only accessible from the loopback interface (“localhost”, “127.0. 0.1”), and should not be available from external sources."
Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware.
Hey, whatever mitigation secures the system is a good one!
A Mastodon instance for info/cyber security-minded people.