Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
CVE-2020-15157 Containerd

CVE-2020-15157: Vulnerability in Containerd Can Leak Cloud Credentials

A new vulnerability was found in containerd, located in the container image-pulling process. The new CVE includes manipulation of the image manifest, allowing attackers to craft an image that can leak the host’s registry or cloud credentials when pulled from a registry. This leak occurs even before the image is …

Continue reading ›
Rules-based registry scanning

Scanning Registries at Scale with Rules-based Image Pulls

Let’s face it, the demands of modern application development put tremendous pressure on Dev. Just to keep up with production demands, most developers have to keep numerous images available in their registries. These images include production images, images being built and pushed regularly, recent “known good” …

Continue reading ›
Github security scanning with trivy

Find Image Vulnerabilities Using GitHub and Aqua Security Trivy Action

Modern-day CI/CD pipelines enable new security approaches and transform the DevOps landscape to accommodate a variety of safety nets into the software supply chain. GitHub Actions is an example of one of those safety nets, making it possible to perform a variety of pipeline steps (build, test, and deploy) from …

Continue reading ›
Hacktoberfest 2020

Hacktoberfest 2020: Celebrate Open Source with Aqua!

October is upon us, and Hacktoberfest is here again! It’s the month-long celebration of something we all love – open source. Our second annual Hacktoberfest officially kicks off now!

In honor of Hacktoberfest, we want to recognize our community and reward your contributions to our open source projects during …

Continue reading ›
Container Security

Threat Alert: TeamTNT is Back and Attacking Vulnerable Redis Servers

Over the past few weeks, TeamTNT grabbed headlines after launching several novel attacks against cloud native infrastructure. In response, Docker Hub decided to remove TeamTNT’s malicious images from its community and deleted the user 'Hildeteamtnt.' But just a few days later, TeamTNT reemerged with a catchy logo …

Continue reading ›
container security alert

Threat Alert: Massive Cryptomining Campaign Abusing GitHub, Docker Hub, Travis CI & Circle CI

Aqua’s Team Nautilus detected an impressive campaign that set out to hijack resources to enable cryptocurrency mining. This operation focused on several SaaS software development environments, including Docker Hub, GitHub, Travis CI, and Circle CI, by abusing their automated build processes.

Continue reading ›
RedHat Marketplace

Deploy Aqua at the Speed of DevOps using Red Hat Marketplace

IBM joins the growing list of cloud vendors to develop their own e-commerce platform, as they recently developed Red Hat Marketplace. This new platform provides a digital, transactable catalog with various software listings covering both proprietary cloud services as well as solutions from independent software …

Continue reading ›
Cloud Native Security for Cloud VMs

Protecting Cloud VMs for Full-Stack Cloud Native Security

The management of Virtual Machines (VMs) in the cloud is not like anything else in your cloud native environment. Traditional host-based security methods used for VMs running on physical servers relied on agents to perform functions that simply do not exist in cloud native environments. In addition, cloud instances …

Continue reading ›
AWS Bottlerocket

Securing Container Workloads on AWS Bottlerocket

We’ve been working with Amazon Web Services (AWS) to extend the Aqua cloud native security platform to support AWS Bottlerocket — a purpose-built, Linux-based, open source OS for running containers on virtual machines or bare metal hosts — which is now GA. This combined effort ensures that AWS customers who use …

Continue reading ›
Tean TNT attack container analysis

Deep Analysis of TeamTNT Techniques Using Container Images to Attack

This blog was co-authored with Assaf Morag, Lead Security Analyst at Aqua Security

Ever notice how news about hidden malware almost always focuses on remediation AFTER the fact? So did we. Even now, there’s yet another news story about a rash of attacks by a group called TeamTNT. They used a crypto-mining worm to …

Continue reading ›

Uncover Malware Payload Executions Automatically with Tracee

We have some exciting news about two new features in Tracee, Aqua’s open source container and system tracing utility. Now, Tracee is much more than just a system call tracer, it’s a powerful tool that can be used to perform forensic investigations and dynamic analysis of binaries – both are incredibly useful when …

Continue reading ›