BleepingComputer reports that at least 35 Docker Hub-hosted Linux images were found by Binarly researchers to remain infected with the XZ Utils backdoor, signifying a potentially serious supply chain threat."...[W]hat we discovered is that some of these compromised images are still publicly available on Docker Hub. And even more troubling, other images have been built on top of these infected base images, making them transitively infected," said Binarly researchers, who noted that Debian, which is among the maintainers of the backdoored images, refused to take down the compromised images after being notified. Debian noted that the images had not been removed due to the unlikely requirements for their exploitation, including sshd installation and execution on the container, as well as attacker SSH service network access and private key usage. Such downplaying of the images' risks has been condemned by Binarly, which emphasized their threat in automated builds or accidental pulls.
Threat Intelligence, Supply chain, DevOps
XZ Utils backdoor remains pervasive in Docker Hub images

(sharafmaksumov/stock.adobe.com)
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds



