According to Imperva research, a container flaw reported last month (CVE-2019-5736) in Docker's remote API has already been taken advantage of by hundreds of attackers.\nImperva claims that they were able to locate 3,822 Docker hosts with the remote API (port 2735) publicly exposed. Of these, approximately 400 were accessible, and most of these were running a cryptocurrency miner for a lesser-known form of cryptocurrency called Monero.\n\nMonero\u00a0(ticker symbol XMR) is an open-source\u00a0cryptocurrency that was created in April 2014. It focuses on fungibility (individual units are essentially interchangeable), privacy, and decentralization. It also takes advantage of\u00a0an obfuscated public ledger. That means anyone can broadcast or send transactions, but outside observers cannot tell the source, amount, or destination of the funds.\nMining cryptocurrencies on compromised Docker hosts is, as you'd likely expect, only one form of attack that is possible. Others \u2014 such as launching botnets or stealing credential and data \u2014 are also likely exploits.\nImperva has stressed that\u00a0is it critical that anyone exposing Docker ports make sure that they create security controls that allow only trusted sources to interact with the Docker API. Refer to the Docker documentation on Securing Docker remote daemon\u00a0for more information on how to enforce security controls.\nDetails on Imperva's findings are available at imperva.com.