Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Threat Alert: Cloud Network Bandwidth Now Stolen through Cryptojacking

Threat Alert: Cloud Network Bandwidth Now Stolen through Cryptojacking

This blog was co-authored by Asaf Eitani   

Threat actors are looking to increase their financial gain and thus deploy cryptominers which are considered easy to use and lucrative. Cryptomining involves complex calculations leading to high computation power and consequently increased CPU consumption and electricity (or …

Continue reading ›
Aqua-Advantage-Launch-image

Aqua Advantage Empowers Partners to Stop Cloud Native Attacks

When I was hired by Aqua in February, my charter was to leverage my experience and market knowledge to enhance the existing partner program and to build a team of rock stars to support partners based on the new program construct. What I found when I arrived was a program much like others – focused on partner tiers and …

Continue reading ›
Aqua Security AWS Security Competency Partner

Aqua Security Becomes AWS Security Competency Partner

Today, we are pleased to announce that Aqua Security has achieved the Security Competency in the Compliance and Privacy category in the relaunch of the Amazon Web Services (AWS) Security Competency. This designation recognizes that the Aqua Cloud Native Protection Platform (CNAPP) has demonstrated proven technology …

Continue reading ›
Detecting and Capturing Kernel Modules with Tracee and eBPF

Detecting and Capturing Kernel Modules with Tracee and eBPF

Security practitioners often need to investigate malicious artifacts in their environments, which can be challenging if those are deleted or loaded from memory. This is increasingly the case as threat actors are weaponizing Linux kernel modules to perform and hide their attacks. In this blog, we look into kernel …

Continue reading ›
06-22-CIS-Benchmark-Chain-Bench-blog-image-03-1

Audit Your Software Supply Chain for CIS Compliance with Chain-bench

The Center for Internet Security (CIS) has recently released the Software Supply Chain Security Guide, a set of practical, community-developed best practices for securing software delivery pipelines. As an initiator and one of the main contributors to this comprehensive and much-needed guidance, we at Aqua aim to help …

Continue reading ›
Node.js-DLL-hijacking-vulnerability

CVE-2022-32223 Discovery: DLL Hijacking via npm CLI

Aqua Team Nautilus recently discovered that all Node.js versions earlier than 16.16.0 (LTS) and 14.20.0 on Windows are vulnerable to dynamic link library (DLL) hijacking if OpenSSL is installed on the host. Attackers can exploit this vulnerability to escalate their privileges and establish persistence in a target …

Continue reading ›
8220 Gang Deploys a New Campaign with Upgraded Techniques

8220 Gang Deploys a New Campaign with Upgraded Techniques

A recent campaign by the 8220 gang, who have been known to exploit the newly discovered critical Confluence vulnerability (CVE-2022-26134), targeted one of our honeypots. This campaign has evolved over time to deliberately target containers. In this game of cat and mouse, the threat actors used some new techniques, …

Continue reading ›
Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

With the release of Amazon EKS Anywhere (EKS-A) Bare Metal, Amazon Web Services has expanded the choices of infrastructure to deploy EKS Anywhere clusters using on-premise bare metal servers as a deployment target. In support of this, Aqua has worked to ensure that as customers adopt EKS Anywhere to automate …

Continue reading ›
How to Secure Your Kubernetes Clusters with Trivy

How to Secure Your Kubernetes Clusters with Trivy

Last month at KubeCon Europe, we released new Kubernetes security scanning for Trivy. It allows you to scan running Kubernetes clusters and resources for misconfigurations directly through the Trivy CLI or by installing the Trivy Kubernetes Operator in a cluster. In this blog, we’ll demonstrate how to use Trivy to …

Continue reading ›
Trivy v0.29.0 Release: RBAC, Helm, Custom Extensions, and More

Trivy v0.29.0 Release: RBAC, Helm, Custom Extensions, and More

The new Trivy release is out! As ever, there are tons of exciting updates and features, such as role-based access control (RBAC) and Helm chart scanning, support for custom extensions, a Trivy Operator Lens integration, and many more. Read on for feature highlights and try them out.

Continue reading ›
GitHub Bug Allowed Third-party Apps to Gain Elevated Permissions

GitHub Bug Allowed Third-Party Apps to Gain Elevated Permissions

We learned about a bug in GitHub that for about five days at the end of February allowed third-party applications connected to GitHub to generate new scoped installation tokens with elevated permissions. For example, if you connected the Codecov app to your GitHub account with read-only access to your repositories, …

Continue reading ›

Subscribe to Email Updates

Popular Posts

Filter by Topic

Show more...