Aqua Blog
Experts insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Tracee Blog Image650x315

Tracee: Tracing Containers with eBPF

This week at Velocity Berlin, I’ll be giving a talk called A Beginner’s Guide to eBPF. To coincide with it, we’re opening up a new Aqua Security open source project called Tracee, which uses eBPF to trace events in containers. This isn’t something that most developers need to do on a day-to-day basis, but for those …

Continue reading ›
Docker API Honeypots

Threat Alert: Maneuver Docker API for Host Takeover

Docker clients can communicate with the daemon either locally, via a unix socket, or over a network via a TCP socket. Aqua's research team discovered an interesting attack vector running on top of an unsecured Docker socket API. Instead of running a malicious Docker image, the attacker changes the traditional …

Continue reading ›
HacktoberFest Update

Follow Up on the 2019 Aqua Hacktoberfest Challenge

Last month, we announced aqua's Hacktoberfest challenge: Calling to contribute to any of our open-source projects during the month of October and win prizes! In this post, we’d like to share the results and provide instructions on how you can claim your rewards.

Continue reading ›
Optimized Logging for Container Workloads

Optimized Logging for Container Workloads Using AWS FireLens

Managing a growing number of systems and applications can be complicated and time consuming, making it particularly important to find a way to centralize and optimize your data. As a result, AWS has recently released FireLens which, working with Fluentd and Fluent Bit, allows you to route your logs to a large …

Continue reading ›
secure vms

Cloud VM Security with Aqua CSP

We have enhanced our Cloud Native Security Platform (CSP) by adding Cloud VM protection capabilities for VMs that are not running container workloads. Aqua now provides a full-stack security solution across all workload types: VMs, containers, and serverless functions, for both Linux and Windows VMs.

Continue reading ›
sudo Vulnerability

CVE-2019-14287 sudo Vulnerability Allows Bypass of User Restrictions

A new vulnerability was discovered earlier this week in the sudo package. Sudo is one of the most powerful and commonly used utilities installed on almost every UNIX and Linux-based operating system.

Continue reading ›
aqua open source security

Aqua Celebrates Open Source at Hacktoberfest

It’s that time of the year again - for some people October is a month of beer, and for others (like us) it’s hacking time! Hacktoberfest, named after the famous German festival Oktoberfest, is a wonderful initiative that invites developers from around the world to participate and contribute to Open Source. At Aqua, …

Continue reading ›
Kubernetes Security

DNS Spoofing on Kubernetes Clusters

In this post I’ll describe how an attacker, who manages to run malicious code on a cluster can, with no special permissive permissions, successfully spoof DNS responses to all the applications running on the cluster, and from there execute a MITM (Man In The Middle) on all network traffic of pods.Before we get into …

Continue reading ›
Trivy Vulnerability Scanner

Trivy Vulnerability Scanner Joins the Aqua Family

If you’re interested in container image vulnerability scanning, there’s a good chance that you have come across the Trivy open source scanning tool. This project has been receiving rave reviews for its ease-of-use, as well as its comprehensive vulnerability tracking across both OS packages and language-specific …

Continue reading ›

Kubernetes Pod Escape Using Log Mounts

Kubernetes has many moving parts, and sometimes combining them in certain ways can create unexpected security flaws. In this post you’ll see how a pod running as root and with a mount point to the node’s /var/log directory can expose the entire contents of its host filesystem to any user who has access to its logs. …

Continue reading ›
Pivotal cloud foundry security

Native Runtime Protection for Pivotal Cloud Foundry

The Pivotal Application Service (PAS) is a distribution of Cloud Foundry Application Runtime (CFAR), part of the Pivotal Cloud Foundry suite. It is widely used especially among large enterprise organizations. Aqua now provides a full lifecycle solution for Pivotal Application Service workloads, from scanning and …

Continue reading ›