Aqua’s Team Nautilus detected an impressive campaign that set out to hijack resources to enable cryptocurrency mining. This operation focused on several SaaS software development environments, including Docker Hub, GitHub, Travis CI, and Circle CI, by abusing their automated build processes.

IBM joins the growing list of cloud vendors to develop their own e-commerce platform, as they recently developed Red Hat Marketplace. This new platform provides a digital, transactable catalog with various software listings covering both proprietary cloud services as well as solutions from independent software …

The management of Virtual Machines (VMs) in the cloud is not like anything else in your cloud native environment. Traditional host-based security methods used for VMs running on physical servers relied on agents to perform functions that simply do not exist in cloud native environments. In addition, cloud instances …

We’ve been working with Amazon Web Services (AWS) to extend the Aqua cloud native security platform to support AWS Bottlerocket — a purpose-built, Linux-based, open source OS for running containers on virtual machines or bare metal hosts — which is now GA. This combined effort ensures that AWS customers who use this …

This blog was co-authored with Assaf Morag, Lead Security Analyst at Aqua Security

Ever notice how news about hidden malware almost always focuses on remediation AFTER the fact? So did we. Even now, there’s yet another news story about a rash of attacks by a group called TeamTNT. They used a crypto-mining worm to …

We have some exciting news about two new features in Tracee, Aqua’s open source container and system tracing utility. Now, Tracee is much more than just a system call tracer, it’s a powerful tool that can be used to perform forensic investigations and dynamic analysis of binaries – both are incredibly useful when …

One thing that most researchers look for when investigating security breaches is whether or not there’s a common element. In the case of security breaches, the kill-chain for almost every cloud security breach we looked at involved the exploitation of misconfigured or mismanaged cloud infrastructure settings. The …

In the four short years since we launched Aqua and started our cloud native journey, we have all experienced dramatic change. During this time, we brought several new products to market. We witnessed the rise of Docker, then its decline. We recognized the growing popularity of Kubernetes and pivoted our capabilities …

We at Team Nautilus - Aqua’s cyber security research team - discovered a new type of attack against container infrastructure. The attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. As far as we know, this is the first time that an attack in which the …

There’s an overwhelming number of vulnerabilities in container images – and the security of your deployments is probably suffering because of it. No matter the size of your organization, it’s a significant challenge to identify the biggest risks to your business and know what to tackle first. Merely classifying and …