As a critical next step in securing Microsoft Windows containers running on Azure Kubernetes Service (AKS), Aqua Security has worked with Microsoft to make it easy for customers to deploy, upgrade, and auto scale deployment of cloud runtime security, assurance enforcement, networking segmentation and monitoring for …

A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. 

Attackers are sophisticated, there is always a lag between zero days and mitigation, and production workloads are critical. So why is the adoption of runtime security for cloud native applications still lower than shift-left security practices for the same applications? 

This blog was co-authored by Asaf Eitani   

Threat actors are looking to increase their financial gain and thus deploy cryptominers which are considered easy to use and lucrative. Cryptomining involves complex calculations leading to high computation power and consequently increased CPU consumption and electricity (or …

When I was hired by Aqua in February, my charter was to leverage my experience and market knowledge to enhance the existing partner program and to build a team of rock stars to support partners based on the new program construct. What I found when I arrived was a program much like others – focused on partner tiers and …

Today, we are pleased to announce that Aqua Security has achieved the Security Competency in the Compliance and Privacy category in the relaunch of the Amazon Web Services (AWS) Security Competency. This designation recognizes that the Aqua Cloud Native Protection Platform (CNAPP) has demonstrated proven technology …

Security practitioners often need to investigate malicious artifacts in their environments, which can be challenging if those are deleted or loaded from memory. This is increasingly the case as threat actors are weaponizing Linux kernel modules to perform and hide their attacks. In this blog, we look into kernel …

The Center for Internet Security (CIS) has recently released the Software Supply Chain Security Guide, a set of practical, community-developed best practices for securing software delivery pipelines. As an initiator and one of the main contributors to this comprehensive and much-needed guidance, we at Aqua aim to help …

Aqua Team Nautilus recently discovered that all Node.js versions earlier than 16.16.0 (LTS) and 14.20.0 on Windows are vulnerable to dynamic link library (DLL) hijacking if OpenSSL is installed on the host. Attackers can exploit this vulnerability to escalate their privileges and establish persistence in a target …

A recent campaign by the 8220 gang, who have been known to exploit the newly discovered critical Confluence vulnerability (CVE-2022-26134), targeted one of our honeypots. This campaign has evolved over time to deliberately target containers. In this game of cat and mouse, the threat actors used some new techniques, …