Preface In a recent turn of events, RedHunt Labs’ Attack Surface Management (ASM) research team uncovered a potentially disastrous data leak incident involving the automotive giant, Mercedes-Benz. This incident not…
Tag: continuous security
Introduction If you are in the Information Technology sector, you most likely have come across the terms Cloud Object Storage, S3 buckets, and/or buckets. Cloud object storage buckets are like…
In the ever-evolving digital landscape, organizations are constantly grappling with the challenge of securing their vast and ever-expanding attack surfaces. An attack surface refers to the collection of assets and…
With technological advancements come new security risks that threaten the confidentiality, integrity, and availability of sensitive information. In this blog post, we will explore why managing your external attack surface is essential to securing your organization.
By default, every image pushed to the Docker Hub through your free account appears in the public registry by default. This business strategy of Docker Inc. to engage more people into purchasing their paid subscriptions puts the free users at risk. Once an attacker finds exposed docker images related to your organisation, there is plenty of information which can be used by the attacker to cause damage to the organisation’s security posture.
A technical analysis of the two newly released high severity vulnerabilities in OpenSSL, dubbed CVE-2022-3786 and CVE-3602.
Docker is a popular tool that has become synonymous with containers. Docker can build images and run containers. The tool also allows its users to upload their docker images to Docker Hub – the container image registry from Docker Inc. that helps share images. Docker Hub allows free public repositories for images.
During this research, we found more than 1.6 million unique user accounts on Docker Hub. There are more than 6.3 million public repositories at the time of writing this blog.
We, at RedHunt Labs, focus on reducing your organization’s attack surface, help your organization avoid data breaches and help companies mitigate threats before it is too late?