Aqua Blog

Container Security

CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes

Last week, a new high-severity CVE was released that affects the Linux kernel. This vulnerability provides an opportunity for an attacker who has access to a system as an unprivileged user to escalate those rights to root. To do this, the attacker must have a specific Linux capability, CAP_SYS_ADMIN, which reduces the …


Threat Alert: Tracking Real-World Apache Log4j Attacks

This blog was co-authored with Ori Glassman, a security researcher at Aqua Security

Until last week, Log4j was just a popular Java logging framework, one of the numerous components that run in the background of many modern web applications. But since a zero-day vulnerability (CVE-2021-44228) was published, Log4j has …


CVE-2021-45046: Second Log4j Security Vulnerability Discovered

Dec 17 update: The CVSSv3 score for CVE-2021-45046 has been raised from 3.7 to 9.0.

While many organizations are still dealing with the discovery and mitigation process for the previous Log4j CVE, the project has announced that another vulnerability CVE-2021-45046 has been discovered due to an incomplete fix in Log4j …


CVE-2021-44228 aka Log4Shell Vulnerability Explained

Log4Shell, a new, critical zero-day vulnerability that crashed onto the scene last Friday, shows how issues that are hidden in seemingly basic functionality can have major repercussions for enterprise security. When the dust settles from the immediate incident response and remediation, organizations should assess how …


What You Need to Know About PCI DSS Compliance in Cloud Native

The Payment Card Industry Data Security Standard (PCI DSS) is a well-known compliance framework for any organization handling payment card data. However, translating the PCI DSS requirements into the world of containers and Kubernetes can be overwhelming. In this post, we break down how containerized applications …


Golang Scanning with Trivy: Detect Vulnerabilities Accurately

A standard piece of security advice is to reduce the size of your container images, usually by using statically compiled binaries in a scratch or distroless container. However, that complicates container vulnerability scanning, because it becomes impossible to determine the versions of software installed in a …


Threat Alert: Threat Actors Using release_agent Container Escape

Earlier this year, Aqua’s Team Nautilus detected a cryptocurrency mining campaign targeting our honeypots. As part of the campaign, the threat actors used a container escape technique that leverages the CGroup release_agent feature. This technique allows an attacker to break out from the container and compromise the …


The Great Escape: A Blast Radius Analysis of Container Attacks

In 2021, container attacks have been on the rise. We observed numerous attacks that were designed to escape container environments to the underlying host, increasing the impact of the attack. But how much damage can be caused when an attacker manages to escape a container? To answer this question, we conducted an …


The Story of Tracee: The Path to Runtime Security Tool

eBPF technology is seeing strong growth, being widely adopted in the cloud native ecosystem for monitoring, networking, and security goals. At Aqua, along with being used in commercial products, eBPF powers our open source project Tracee to detect events in running containers.


Azurescape: What You Need to Know

Microsoft recently disclosed a security vulnerability in its Azure Container Instances (ACI) service, referred to as Azurescape. No actual exploitations were reported and, thankfully, no Azure customers were affected by this vulnerability. To clear any doubts around risks to current environments, in this post we will …


Advanced Persistent Threat Techniques Used in Container Attacks

This blog was co-authored with Itamar Maouda, security researcher at Aqua Security

Aqua’s Team Nautilus detected an intensive campaign targeting cloud native environments that uses advanced persistent threat (APT) techniques usually leveraged by nation-state threat actors. As part of the campaign, the attackers used …
