1. 15

  2. 7

    This is the, imo, more interesting pdf direct link:

    https://prevasio.com/static/web/viewer.html?file=/static/Red_Kangaroo.pdf

    1. 6

      From the PDF, these claims are…something?

      “Security industry is already raising concerns that proliferation of GoLang, file-less code and Powershell into the world of malware is the most unwelcome development over the recent years”

      Later on, the explanation about why Go, .NET, etc. are a security problem is because they’re cross-platform which allegedly makes them more attractive for attackers because of the idea of write once, run anywhere. Yet, most Docker images are packaged for typically a single platform from what I know. This feels like they’re reaching for a way to sow fear.

      1. 5

        The proliferation of C is like a plague, transmitting via the hands of our students, viciously infesting all of our machines with Unix.

    2. 6

      You mean packaging your program and all of its dependencies in a tarball that isn’t part of the system package manager and associated security auditing and update infrastructure doesn’t automatically lead to increased security? I’m shocked!

      1. 4

        This analysis is far too zealous.

        They include images which openly advertise themselves as cryptocoin miners or as hacking tools, because if someone downloads one of those images and runs it without authorisation in a corporate environment, the image is being used for nefarious purposes.

        Sure, companies might want to ban the kannix/monero-miner image, but that doesn’t mean the image has a vulnerability. Does Firefox have a “critical vulnerability” because some companies don’t let people install their own web browser?

        1. 5

          Really?

          We see one of these new reports almost monthly. Sometimes more than each month.

          This one includes:

          “Analyzing all 6,432 malicious / potentially harmful container images is a daunting task.”

          “The first example of a trojanized application can be found in a container image qiscus123/qiscus-wp-2.36 Built upon WordPress, the webshell is disguised under a WordPress SEO plugin Yoast: …. Upon closer inspection, it turns out to be a classic WSO web shell (Web Shell By Orb):”

          “Another example of a trojanized application can be found in a container image heroicjokester/tomcat.37 … As seen in its code, it provides a reverse shell on port 4334:”

          “In the final example, a container image adminkalhatti/kl-jenkins39 in … Apart from Jenkins, the image also has several instances of XMRig cryptominer pre-installed in the following”

          “Container image eternity18/ez is one such example. ….. Its index file /var/www/html/index.html contains a malicious VBS script that drops Ramnit42 – a backdoor designed for Windows systems:”

          I understand there are people that like docker and kube for various reasons, but you can’t say that ecosystem is just not filled with malware.

        2. 1

          Why not post the source article?