Hello, welcome to the Friday, April 23rd, 2021 edition of the Santer at Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

We're using Docker containers as well, who doesn't these days?

We have a quick diary by Xavier today, introducing a quick tool that allows

you to check if your Docker image is suffering from any known vulnerabilities or back

doors. There's sort of two big problems when it comes to Docker containers. First

of all, they may just be out of

date and contain vulnerable software, but sometimes they also come with additional goodies,

kind of these certified pre-poned Docker containers. So the tool that Xavier is talking about here, GRIP, should be able to help you identify at least some of these issues.

Take a look at his diary. It's a pretty straightforward tool.

And Risk IQ did some data harvesting to look for additional parts of the attack infrastructure

used in the Solar Winds event, and they were successful identifying a couple additional

domains that may be associated with the same attack group. Now, they based this on really two

pieces of evidence. First of all,

the time frame in which the certificates were issued, that's somewhat unique to solar winds.

However, of course, there were a large number of certificates associated with that particular

time frame and the certificate authorityior authority that the SolarWinds

attackers used. Next, they narrowed down the list by looking at specific patterns coming back

from these web servers and limiting those two patterns that matched known patterns from existing infrastructure

used by this attacker. Doing so, they were able to narrow down to a total of 10 new domains,

and additional information is published by Risk IQ as part of their threat portal.

So given that they narrowed it down quite well, it may be worthwhile to take a quick look

...