Creator, Author and Presenter: Alex Kulesza
Our thanks to USENIX for publishing their Presenter’s outstanding USENIX Enigma ’23 Conference content on the organization’s’ YouTube channel.
The post USENIX 2025: PEPR ’25 – Practical Considerations For Differential Privacy appeared first on Security Boulevard.
The cooperative agreement between the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the not-for-profit Center for Internet Security is ending today, the agency has announced on Monday, and CISA will take it upon itself to offer support to US state, local, tribal, and territorial (SLTT) governments by way of grants, tools, and cybersecurity expertise. MS-ISAC funding cut leaves core services intact but trims key support The Center for Internet Security (CIS) runs the Multi-State … More →
The post CISA says it will fill the gap as federal funding for MS-ISAC dries up appeared first on Help Net Security.
Sep 30, 2025 - Lina Romero - In 2025’s fast-moving cyber landscape, attacks are everywhere and AI and APIs are the biggest targets. We’ve spoken before about hackers exploiting Docker Swarm to launch cryptomining attacks, but now attackers are using Docker APIs for other malicious purposes. It started this June. Trend Micro noticed abnormal activity in Docker’s APIs- attacks that started as requests to exposed APIs to retrieve a list of containers. The bad actors would then create a novel container to connect to the host root and carry out their attack on the host system. However, an encoded payload hidden in the initial request executes a shell script that sets up the Tor browser in the container and fetches a payload over the Tor network (Security Week). The attackers can then deploy a malicious shell script and modify the SSH configuration of the host system. At this point, the attackers deploy a binary acting as a dropper for an XMRig cryptocurrency miner and “all necessary execution stops internally, allowing it to deploy the miner without requiring the download of any external components” in order to avoid detection (Trend Micro). However, this was only the beginning- on September 8th of this year, hackers launched similar attacks, but with a twist: after carrying out the same initial steps, they proceeded to block external access to the Docker API by writing a command to the cron tab file to create a cron job that blocks its access every minute. From there, threat actors can perform mass scans for other open ports, and propagate malware in new containers using the exposed APIs. Researchers from Trend Micro determined that the attackers used AI in the creation of these tools. What is especially troubling is that these attacks are growing more advanced and may only continue to increase in volume and complexity. As AI and API attacks surge, Docker APIs are a popular target for attackers. Maintaining strong API security is the corner store of cybersecurity as a whole- after all, API security IS AI security. To learn more about securing AI and APIs, check out FireTail’s all-in-one approach. Set up a demo or start a free trial today.
The post Docker APIs Targeted – FireTail Blog appeared first on Security Boulevard.