The integrity of software continues to be a significant and evolving threat for organizations to protect valuable digital infrastructure and data. Attackers are constantly finding new ways to exploit vulnerabilities in code or compromise applications during the development process. Because of the complexity and lack …
Data breaches and ransomware attacks have become a common headline around the globe. Meanwhile, protecting cloud environments has turned into an uphill battle for even the most seasoned CISO. With a broader attack surface, the dynamic nature of open source software, and a growing number of vulnerabilities being …
Eight years ago, Amir Jerbi and I founded Aqua Security with the aspiration of creating a better approach to securing modern cloud applications. While our journey initially focused on securing Docker technology, digital transformation and a changing threat landscape drove us to innovate further and eventually pioneer …
Aqua Nautilus discovered a new campaign that exploits the Openfire vulnerability (CVE-2023-32315), that was disclosed in May of this year, to deploy Kinsing malware and a cryptominer. This vulnerability leads to a path traversal attack, which grants an unauthenticated user access to the Openfire setup environment. …
What does it mean to be an innovator? Is it someone whose face and company are known? Whose product is the most popular? Who has the coolest ads or the most social media likes? According to the Oxford dictionary, an innovator is someone who introduces change and new ideas. At Aqua we have always thought of ourselves …
Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. …
If you thought that falling victim to ransomware, or a hacker hijacking your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could be a disaster magnified a million times over.
The Urgent Need for Rapid Remediation
The window of vulnerability after the discovery of a security issue has never been more critical than it is with cloud native applications. Why is that? Cloud apps move fast. With modern CI/CD processes, code can be pushed to production multiple times per day. This means that …
In 2017 and 2020 we saw the oddest campaign - ‘Meow’ - targeting unsecured databases such as MongoDB, Elasticsearch, Cassandra, CouchDB, and other software such as Hadoop clusters, FTPs, Jenkins etc. The Modus Operandi was very simple finding an exposed instance, deleting everything, and destroying data without any …
A recent Java Developer Productivity Report showed that almost 50% of developers are using Apache Tomcat, indicating its widespread usage in the cloud, big data and website development. We will begin by presenting statistics and examples from recent attacks. Afterward, we will delve into a detailed analysis of a …
eBPF is a popular and powerful technology embedded in the Linux kernel. It is widely used by many security tools for monitoring kernel activity to detect and protect organizations. eBPF, however, can potentially be a dual edged sword as it can be used by threat actors as part of their malicious arsenal. Lately, we …