Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
What To Know: A Summary of the Compliance Guide to SSDF

What To Know: A Summary of the Compliance Guide to SSDF

NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework.  It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to …

Continue reading ›
Cloud Security Trends for 2023 Part Two

Cloud Security Trends for 2023 Part Two

Last month Aqua published a blog with the predictions from our Nautilus security research team regarding trends and new threats we are watching for 2023. In case you missed it over the holidays, we’ve included a link at the end of this post – it’s definitely worth the read.

Continue reading ›
Should You Use SLSA or CIS Software Supply Chain Security Guidelines?

Should You Use SLSA or CIS Software Supply Chain Security Guidelines?

With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. …

Continue reading ›
Supply Chain Security: Shifting Left to the Golden Pipeline

Supply Chain Security: Shifting Left to the Golden Pipeline

According to an article in Security Magazine, 98% of organizations have been negatively impacted by a cybersecurity breach in their supply chain. Aqua’s 2021 Software Supply Chain Security Review notes that “attackers focused heavily on open source vulnerabilities and poisoning, code integrity issues, exploiting the …

Continue reading ›
Can You Trust Your VSCode Extensions?

Can You Trust Your VSCode Extensions?

Aqua Nautilus researchers have recently discovered that attackers can easily impersonate popular Visual Studio Code extensions and trick unknowing developers into downloading them. In original vulnerability research, we’ve uncovered a new attack method which could act as an entry point for an attack on many …

Continue reading ›
In-depth Analysis of the PyTorch Dependency Confusion Administered Malware

In-depth Analysis of the PyTorch Dependency Confusion Administered Malware

Recently, a dependency of the widely used PyTorch-nightly Python package was targeted in a dependency confusion attack, resulting in thousands of individuals downloading a malicious binary that exfiltrated data through DNS. The individual responsible for this attack claimed to be a security researcher whose research …

Continue reading ›
Cloud Security Trends for 2023 Part One

Cloud Security Trends for 2023 Part One

As we think about what Cloud Native security will look like in 2023, we can’t avoid thinking about the old cat-and-mouse game cliché of cyber security. Every year new attacks emerge while new security solutions are created and old security fixes are upgraded. Threat actors constantly append new methods to the old …

Continue reading ›
Recent Verdict Against Uber CISO is a Game Changer

Recent Verdict Against Uber CISO is a Game Changer

In early October, the US Department of Justice announced that a verdict had been reached in the case against former Uber CISO Joe Sullivan, finding him guilty of two counts associated with covering up a data breach at the company. What made the Uber data breach case particularly noteworthy was that it was not seeking …

Continue reading ›
Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability

Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability

Dirty Pipe (CVE-2022-0847) proved that there is a new way to exploit Linux syscalls to write to files with a read-only privileges. The fact that someone can write to a file regardless of its permissions is a big security threat. An application of this vulnerability would be to write on the host from an unprivileged …

Continue reading ›
Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources.

Continue reading ›
Frost Radar for CNAPPs: Why is Aqua the Top Innovation Leader?

Frost Radar for CNAPPs: Why is Aqua the Top Innovation Leader?

Fifteen vendors. That’s the number of CNAPPs featured in analyst firm Frost & Sullivan’s recent radar for Cloud Native Application Protection Platforms, the first report to rank CNAPP solution providers to come out at this early stage of the market. Not surprisingly to us, Aqua came out on top (or rather, to the …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...