Aqua’s Team Nautilus found a logical flaw in npm that allows threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it. Up until recently, npm allowed adding anyone as a maintainer of the package without notifying these users or getting their consent. Since you …

What is the CISO approach to securing cloud native applications? Our recent survey of CISOs at Fortune 1000 companies gives a view into their perspectives on the critical security capabilities that allow for speed and agility while reducing friction between teams and preserving business continuity. According to the …

At Aqua, we believe that cloud native is an opportunity to do security right. With the release of our Terraform Provider, we’ve added another tool to do security the cloud native way. With Aqua Terraform Provider, security teams can easily adopt DevOps processes and infrastructure as code (IaC) to consistently …

With another Kubernetes release upon us, there are, as ever, a load of new features to consider. These include features to help companies use Windows containers securely and improvements in Kubernetes’ supply chain security. In this post, we’ll take a look at some of the more significant features of this release.

Today, cloud native platforms are increasingly using eBPF-based security technology. It enables the monitoring and analysis of applications’ runtime behavior by creating safe hooks for tracing internal functions and capturing important data for forensic purposes. Tracee is an open source runtime security and forensics …

As companies continue to adopt cloud native technologies at a rapid pace, an increasing number of cyber threats are targeting the cloud native environment. To defend against these threats, security practitioners must stay abreast of attackers’ evolving tactics, techniques, and procedures. For its 2022 Cloud Native …

Trivy is an easy-to-use, comprehensive open source scanner that helps developers gain visibility into the software components used in their applications. With the growing awareness about supply chain security, software bills of materials (SBOMs) have become the standard for creating software inventory lists. To …

With the accelerated move to the cloud, organizations increasingly rely on large data teams to make data-driven business decisions. In their job, data professionals are given high privileges and access to development and production environments. But what are the security threats that target data tools? And, more …

Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …

For the past few years, cybercriminals have been hijacking popular npm packages by taking over maintainers’ accounts. As part of our research at Team Nautilus, we discovered two flaws in the npm platform related to two-factor authentication (2FA). An attacker can use these flaws to target npm packages for account …