Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Innovating Cloud Security: Why Aqua Leads in Gigaom CSPM Radar

What does it mean to be an innovator? Is it someone whose face and company are known? Whose product is the most popular? Who has the coolest ads or the most social media likes? According to the Oxford dictionary, an innovator is someone who introduces change and new ideas. At Aqua we have always thought of ourselves …

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks

Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. …

Kubernetes Exposed: One Yaml away from Disaster

If you thought that falling victim to ransomware or having a hacker hijack your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could be a disaster magnified a million times over.

AI-Guided Remediation: Unify Teams and Speed Vulnerability Resolution

The Urgent Need for Rapid Remediation

The window of vulnerability after the discovery of a security issue has never been more critical than it is with cloud native applications. Why is that? Cloud apps move fast. With modern CI/CD processes, code can be pushed to production multiple times per day. This means that …

Three Years Later: The Meow Campaign Reaches Jupyter

In 2017 and 2020 we saw the oddest campaign - ‘Meow’ - targeting unsecured databases such as MongoDB, Elasticsearch, Cassandra, CouchDB, and other software such as Hadoop clusters, FTPs, Jenkins, etc. The modus operandi was very simple: finding an exposed instance, deleting everything, and destroying data without any …

Tomcat Under Attack: Exploring Mirai Malware and Beyond

A recent Java Developer Productivity Report showed that almost 50% of developers are using Apache Tomcat, indicating its widespread usage in the cloud, big data and website development. We will begin by presenting statistics and examples from recent attacks. Afterward, we will delve into a detailed analysis of a …

Detecting eBPF Malware with Tracee

eBPF is a popular and powerful technology embedded in the Linux kernel. It is widely used by many security tools for monitoring kernel activity to detect and protect organizations. eBPF, however, can potentially be a double-edged sword as it can be used by threat actors as part of their malicious arsenal. Lately, we …

TeamTNT Reemerged with New Aggressive Cloud Campaign

In part one of this two-part blog series, titled "The Anatomy of Silentbob's Cloud Attack," we provided an overview of the preliminary stages of an aggressive botnet campaign that aimed at cloud native environments. This post will dive into the full extent of the campaign and provide a more comprehensive exploration …

From Cloud Security Posture Management to Real-Time CSPM

With the growing sophistication of cyber-attacks and increasing complexity of multi-cloud environments, partial visibility alone isn’t enough. Real-Time CSPM improves upon traditional CSPM by bringing deep, real-time context and prioritization to discovered issues. Providing you with complete visibility to reduce the …

The Future is CNAPP: Why I Joined Aqua

Why did I join Aqua? Coming from Microsoft Defender, I have witnessed the CNAPP market mature. I’ve seen players of all shapes emerge, and I’ve seen customers come to understand why they need dedicated cloud security. Through all of it Aqua always stood out in my mind as a leader in the cloud security race, and here's …

Threat Alert: Anatomy of Silentbob’s Cloud Attack

Aqua Nautilus researchers identified an infrastructure of a potentially massive campaign against cloud native environments. This infrastructure is in early stages of testing and deployment, and consists mainly of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy …
