Wiz Threat Research revealed that a significant portion of cloud environments is at risk due to a campaign by the attacker known as JINX-0132. This attacker exploits vulnerabilities in widely-used DevOps tools, especially targeting HashiCorp’s Nomad and Consul, Docker API, and Gitea. With a quarter of cloud users running these technologies, it's alarming that many expose them directly to the Internet and have misconfigurations. The researchers highlighted security flaws in these tools that make them susceptible to attacks, allowing illicit cryptocurrency mining.
Key Takeaway: Up to 25% of cloud users risk resource theft by attackers exploiting vulnerabilities in DevOps tools to mine cryptocurrencies illegally.
Collection
[
|
...
]