🪤 From @BleepingComputer:

「 The German researchers analyzed 337,171 images from Docker Hub and thousands of private registries and found that roughly 8.5% contain sensitive data such as private keys and API secrets.

The paper further shows that many of the exposed keys are actively used, undermining the security of elements that depend on them, like hundreds of certificates 」

#Docker #Infosec #Devops
https://www.bleepingcomputer.com/news/security/thousands-of-images-on-docker-hub-leak-auth-secrets-private-keys/

Thousands of images on Docker Hub leak auth secrets, private keys

Researchers at the RWTH Aachen University in Germany published a study revealing that tens of thousands of container images hosted on Docker Hub contain confidential secrets, exposing software, online platforms, and users to a massive attack surface.

^{Bill Toulas (BleepingComputer)}