Aqua Blog
Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Accenture and Aqua Partner to Empower Cloud Security

Eight years ago, Amir Jerbi and I founded Aqua Security with the aspiration of creating a better approach to securing modern cloud applications. While our journey initially focused on securing Docker technology, digital transformation and a changing threat landscape drove us to innovate further and eventually pioneer …

Kinsing Malware Exploits Novel Openfire Vulnerability

Aqua Nautilus discovered a new campaign that exploits the Openfire vulnerability (CVE-2023-32315), disclosed in May of this year, to deploy Kinsing malware and a cryptominer. This vulnerability enables a path traversal attack that grants an unauthenticated user access to the Openfire setup environment. …

Innovating Cloud Security: Why Aqua Leads in Gigaom CSPM Radar

What does it mean to be an innovator? Is it someone whose face and company are known? Whose product is the most popular? Who has the coolest ads or the most social media likes? According to the Oxford dictionary, an innovator is someone who introduces change and new ideas. At Aqua we have always thought of ourselves …

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks

Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. …

Kubernetes Exposed: One Yaml away from Disaster

If you thought that falling victim to ransomware, or a hacker hijacking your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could be a disaster magnified a million times over.

AI-Guided Remediation: Unify Teams and Speed Vulnerability Resolution

The Urgent Need for Rapid Remediation

The window of vulnerability after the discovery of a security issue has never been more critical than it is with cloud native applications. Why is that? Cloud apps move fast. With modern CI/CD processes, code can be pushed to production multiple times per day. This means that …

Three Years Later: The Meow Campaign Reaches Jupyter

In 2017 and 2020 we saw the oddest campaign, ‘Meow’, targeting unsecured databases such as MongoDB, Elasticsearch, Cassandra, CouchDB, and other software such as Hadoop clusters, FTP servers, Jenkins, etc. The modus operandi was very simple: find an exposed instance, delete everything, and destroy data without any …

Tomcat Under Attack: Exploring Mirai Malware and Beyond

A recent Java Developer Productivity Report showed that almost 50% of developers are using Apache Tomcat, indicating its widespread usage in the cloud, big data and website development. We will begin by presenting statistics and examples from recent attacks. Afterward, we will delve into a detailed analysis of a …

Detecting eBPF Malware with Tracee

eBPF is a popular and powerful technology embedded in the Linux kernel. It is widely used by many security tools to monitor kernel activity in order to detect threats and protect organizations. eBPF, however, can be a double-edged sword, since threat actors can use it as part of their malicious arsenal. Lately, we …

TeamTNT Reemerged with New Aggressive Cloud Campaign

In part one of this two-part blog series, titled "The Anatomy of Silentbob's Cloud Attack," we provided an overview of the preliminary stages of an aggressive botnet campaign that aimed at cloud native environments. This post will dive into the full extent of the campaign and provide a more comprehensive exploration …

From Cloud Security Posture Management to Real-Time CSPM

With the growing sophistication of cyber-attacks and increasing complexity of multi-cloud environments, partial visibility alone isn’t enough. Real-Time CSPM improves upon traditional CSPM by bringing deep, real-time context and prioritization to discovered issues. Providing you with complete visibility to reduce the …
