Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
The TX-RAMP Certification: A Vital Credential for Aqua Security

The TX-RAMP Certification: A Vital Credential for Aqua Security

In today's digital age, data security is important. With organizations increasingly migrating their operations to the cloud, the need for robust cloud security solutions has never been greater. One significant credential that stands out in the realm of cloud security is the TX-RAMP (Texas Risk Assessment and …

Continue reading ›
Election Dynamics: Predictions for the U.S. Federal Government

Election Dynamics: Predictions for the U.S. Federal Government

As we approach 2024, the U.S. Federal Government stands at a critical juncture in cybersecurity. With the backdrop of an election year, emerging technological trends, and evolving cyber threats, it’s essential to anticipate the challenges and opportunities that lie ahead. Drawing from insights of recent expert …

Continue reading ›
The Evolving Landscape of Cloud Security: Our Predictions for 2024

The Evolving Landscape of Cloud Security: Our Predictions for 2024

In the ever-shifting realm of cybersecurity, where innovation and uncertainty intertwine, the year 2023 has been nothing short of chaos. As the dark underbelly of AI-powered threats surfaces, and court rulings redefine the consequences of security failures, the security industry stands at a pivotal juncture. CISOs …

Continue reading ›
Lasting Legacy of Log4j: Lessons for Runtime Security

Lasting Legacy of Log4j: Lessons for Runtime Security

Another December is upon us, stores are full of shoppers, lights are illuminating cities, towns and cul-de-sacs as radio stations bombard listeners with the continuous rotation of holiday music. Yet amongst all this merriment sits the IT security professional behind their screen completing their end of year tasks. …

Continue reading ›
Quantifying the Business Value of CNAPP: Total Economic Impact Study

Quantifying the Business Value of CNAPP: Total Economic Impact Study

Businesses have been embracing cloud native technologies because of their elasticity and flexibility. They allow enterprises to quickly scale and develop applications that are built with services packaged in containers, deployed as microservices and managed on elastic infrastructure through agile DevOps processes and …

Continue reading ›
Navigating Container Security within the FedRAMP Guidelines

Navigating Container Security within the FedRAMP Guidelines

The digital transformation journey of many organizations heavily leans on cloud technologies. As they migrate to the cloud, adhering to stringent security protocols becomes paramount. Enter FedRAMP(R) (Federal Risk and Authorization Management Program). It's a government-wide initiative designed to provide a …

Continue reading ›
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets

The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets

Exposed Kubernetes secrets pose a critical threat of supply chain attack. Aqua Nautilus researchers found that the exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack …

Continue reading ›
SEC vs. SolarWinds: A Cybersecurity Game Changer for CISOs

SEC vs. SolarWinds: A Cybersecurity Game Changer for CISOs

As winter winds swept across the US this month an even colder wind swept through offices of organizations everywhere, as the SEC brought charges against SolarWinds Corporation and its Chief Information Security Officer (CISO). With one simple indictment the lives of CISOs everywhere changed (even if they may not know …

Continue reading ›
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures

50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures

Aqua Nautilus researchers evaluated the vulnerability disclosure process for tens of thousands of open-source projects and found flaws in the process. These flaws allowed harvesting the vulnerabilities before they were patched and announced. This could enable attackers to exploit security holes before the project's …

Continue reading ›
Scanning KBOM for Vulnerabilities with Trivy

Scanning KBOM for Vulnerabilities with Trivy

Early this summer we announced the release of Kubernetes Bills of Material (KBOM) as part of Trivy, our all in one, popular open source security scanner. In the blog we discussed how KBOM is the manifest of all the important components that make up your Kubernetes cluster: Control plane components, Node Components, …

Continue reading ›
Looney Tunables Vulnerability Exploited by Kinsing

Looney Tunables Vulnerability Exploited by Kinsing

Researchers from Aqua Nautilus have successfully intercepted Kinsing's experimental incursions into cloud environments. Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack, a component of Kinsing's ongoing campaign, we have uncovered the threat actor's manual efforts to manipulate the Looney …

Continue reading ›