Aqua Blog

Container Security

container security alert

Threat Alert: Massive Cryptomining Campaign Abusing GitHub, Docker Hub, Travis CI & Circle CI

Aqua’s Team Nautilus detected an impressive campaign that set out to hijack resources to enable cryptocurrency mining. This operation focused on several SaaS software development environments, including Docker Hub, GitHub, Travis CI, and Circle CI, by abusing their automated build processes.

Continue reading ›
RedHat Marketplace

Deploy Aqua at the Speed of DevOps using Red Hat Marketplace

IBM joins the growing list of cloud vendors to develop their own e-commerce platform, as they recently developed Red Hat Marketplace. This new platform provides a digital, transactable catalog with various software listings covering both proprietary cloud services as well as solutions from independent software …

Continue reading ›
Cloud Native Security for Cloud VMs

Protecting Cloud VMs for Full-Stack Cloud Native Security

The management of Virtual Machines (VMs) in the cloud is not like anything else in your cloud native environment. Traditional host-based security methods used for VMs running on physical servers relied on agents to perform functions that simply do not exist in cloud native environments. In addition, cloud instances …

Continue reading ›
AWS Bottlerocket

Securing Container Workloads on AWS Bottlerocket

We’ve been working with Amazon Web Services (AWS) to extend the Aqua cloud native security platform to support AWS Bottlerocket — a purpose-built, Linux-based, open source OS for running containers on virtual machines or bare metal hosts — which is now GA. This combined effort ensures that AWS customers who use …

Continue reading ›
Tean TNT attack container analysis

Deep Analysis of TeamTNT Techniques Using Container Images to Attack

This blog was co-authored with Assaf Morag, Lead Security Analyst at Aqua Security

Ever notice how news about hidden malware almost always focuses on remediation AFTER the fact? So did we. Even now, there’s yet another news story about a rash of attacks by a group called TeamTNT. They used a crypto-mining worm to …

Continue reading ›

Uncover Malware Payload Executions Automatically with Tracee

We have some exciting news about two new features in Tracee, Aqua’s open source container and system tracing utility. Now, Tracee is much more than just a system call tracer, it’s a powerful tool that can be used to perform forensic investigations and dynamic analysis of binaries – both are incredibly useful when …

Continue reading ›
Threat Alert Container Images

Threat Alert: Attacker Building Malicious Images Directly on Your Host

We at Team Nautilus - Aqua’s cyber security research team - discovered a new type of attack against container infrastructure. The attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. As far as we know, this is the first time that an attack in which the …

Continue reading ›
Risk_Based_Vulnerability_Management_v3

Risk-Based Vulnerability Management in Container Images

There’s an overwhelming number of vulnerabilities in container images – and the security of your deployments is probably suffering because of it. No matter the size of your organization, it’s a significant challenge to identify the biggest risks to your business and know what to tackle first. Merely classifying and …

Continue reading ›
DzMLT Threat Alert

Threat Alert: An Attack Against a Docker API Leads To Hidden Cryptominers

Following an attack against a misconfigured Docker API port, the research team at Aqua Security performed an in-depth examination of the Docker Hub account from which the image was pulled. The examination was done by dynamically scanning for hidden threats in the container images hosted in that specific Docker Hub …

Continue reading ›
Aqua Risk Explorer

Visualize and Prioritize Risks in Kubernetes with Aqua Risk Explorer

If you’re running workloads on Kubernetes, one of the toughest things to understand is where you have security gaps. Yes, there are CIS benchmarks and configurations to tweak, but they are generalized and won’t highlight the risks in workloads that are actually running in your clusters. The Aqua Risk Explorer’s …

Continue reading ›
Dynamic Container Analysis

Dynamic Threat Analysis for Container Images: Uncovering Hidden Risks

This blog was co-written with Idan Revivo, head of Aqua's cyber research team

Container images are a growing path for external code to enter an organization. Docker has simplified image workflow in order to encourage adoption by developers, so anyone can pull and run images that were built and pushed to Docker Hub, …

Continue reading ›

Subscribe to Email Updates

Popular Posts