Aqua Blog
Expert insights, best practices and advice on cloud native security, trends, threat intelligence and compliance

Bugs Gone Wild: Container (Stack) Clash and CVE-2017-1000253

A “Stack Clash” is a vulnerability in the memory management of several operating systems, including Linux. It can be exploited by attackers to corrupt memory of a privileged process in order to execute arbitrary code.

Equifax Breach Hindsight - What If They Used Containers?

What are the chances that your name, address and social security number have been stolen? If you are an American citizen, the answer is ‘about 50/50’. The reason, perhaps not surprisingly, is a recent data breach. Records of 143M customers of Equifax, a large credit reporting company, were stolen.

Don't Leave Your Keys Exposed: Lessons from IBM Privilege Escalation Flaw

Would you ever give your keys to a stranger? That’s exactly what someone at IBM did: they left private keys to the Docker host environment in IBM’s Data Science Experience service accessible to the outside world. Wayne Chang, the security consultant who found this, explains in his original report:

Vine's Docker Registry "Hack": A Bad Case of RTFM

Yesterday it was revealed that a security researcher who goes by the name avicoder managed to get hold of Vine's source code by accessing their Docker registry. If you're not familiar with Vine, it's a video sharing site that allows users to upload 6-second videos that are very easy to share and re-share. The …
