This week at Velocity Berlin, I’ll be giving a talk called A Beginner’s Guide to eBPF. To coincide with it, we’re opening up a new Aqua Security open source project called Tracee, which uses eBPF to trace events in containers. This isn’t something that most developers need to do on a day-to-day basis, but for those …
Docker clients can communicate with the daemon either locally, via a unix socket, or over a network via a TCP socket. Aqua's research team discovered an interesting attack vector running on top of an unsecured Docker socket API. Instead of running a malicious Docker image, the attacker changes the traditional …
Managing a growing number of systems and applications can be complicated and time consuming, making it particularly important to find a way to centralize and optimize your data. As a result, AWS has recently released FireLens which, working with Fluentd and Fluent Bit, allows you to route your logs to a large …
One of the key challenges in container image scanning is understanding where a vulnerability originated in an image, and who can fix it. Image layers allow us to do that, and Aqua’s scanner now allows us to pinpoint discovered vulnerabilities to a specific layer.
In previous crypto-mining attacks, we observed hackers investing little to no effort in hiding their malicious activities. They just ran the malicious container with all of its scripts and configuration files in clear text. This made the analysis of their malicious intent fairly easy.
Sometimes life, a.k.a., the internet, throws us a bone when it comes to running demonstrations on security tools.
Managing known vulnerabilities in container images has been one of the first issues to get the attention of organizations that adopt containers. Knowing what vulnerabilities (CVEs) lurk in your image code is important, but fixing or patching the images that contain vulnerabilities has been a challenge, since it’s …
Enterprise-grade solutions are expected to integrate with existing enterprise infrastructure, including providing SSO to authenticate users without requiring separate definitions of user identity and access credentials.
Now that containers have been around for a few years and have had their share of disclosed vulnerabilities, it’s time to revisit some of the more interesting ones and see if there’s a recurring theme or any underlying trend to highlight.
In their recent research note, “Top 10 Security Projects for 2019”*, Gartner analysts highlighted ten initiatives that Security and Risk Management leaders should implement or improve in 2019. Container security is on this list.
Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being …