Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
On April 25th, Docker Hub was breached by an unidentified threat actor(s) . Account information was exposed and potentially exfiltrated. Docker Hub is a repository for identifying and sharing software container images . The breach affected 190,000 Docker accounts, exposing usernames, hashed passwords, and GitHub and Bitbucket tokens. As a precaution, Docker is notifying affected users and has revoked all tokens and access keys . Users of Docker are strongly recommended to update all passwords, reconnect Docker repositories and review security logs for changes or illicit access.
What you should do about it
The threat actor(s) were able to access one Docker Hub database. Docker is still investigating the intrusion and has not publicly identified how initial access was gained.
This breach requires immediate attention as malicious access to code repositories could result in the theft of source code or the injection of malicious code into the Docker container deployment process. Technically capable threat actors may use the information from this breach to identify additional target organizations and initiate attacks through backdoors or other malicious content hidden in the modified Docker container. References: