Aqua Blog

Container Security

Threat Alert Container Images

Threat Alert: Attackers Building Malicious Images Directly on Your Host

We at Team Nautilus - Aqua’s cyber security research team - discovered a new type of attack against container infrastructure. The attacker exploits a misconfigured Docker API port in order to build and run a malicious container image on the host. As far as we know, this is the first time that an attack in which the …

Continue reading ›
Risk_Based_Vulnerability_Management_v3

Risk-Based Vulnerability Management in Container Images

There’s an overwhelming number of vulnerabilities in container images – and the security of your deployments is probably suffering because of it. No matter the size of your organization, it’s a significant challenge to identify the biggest risks to your business and know what to tackle first. Merely classifying and …

Continue reading ›
DzMLT Threat Alert

Threat Alert: An Attack Against a Docker API Leads To Hidden Cryptominers

Following an attack against a misconfigured Docker API port, the research team at Aqua Security performed an in-depth examination of the Docker Hub account from which the image was pulled. The examination was done by dynamically scanning for hidden threats in the container images hosted in that specific Docker Hub …

Continue reading ›
Aqua Risk Explorer

Visualize and Prioritize Risks in Kubernetes with Aqua Risk Explorer

If you’re running workloads on Kubernetes, one of the toughest things to understand is where you have security gaps. Yes, there are CIS benchmarks and configurations to tweak, but they are generalized and won’t highlight the risks in workloads that are actually running in your clusters. The Aqua Risk Explorer’s …

Continue reading ›
Dynamic Container Analysis

Dynamic Threat Analysis for Container Images: Uncovering Hidden Risks

This blog was co-written with Idan Revivo, head of Aqua's cyber research team

Container images are a growing path for external code to enter an organization. Docker has simplified image workflow in order to encourage adoption by developers, so anyone can pull and run images that were built and pushed to Docker Hub, …

Continue reading ›

Blocking Attacks in Runtime with Drift Prevention

Drift prevention is the cloud native answer to malware, worms and zero-day exploits. It’s also one of the best things to happen to security since the firewall, and finally a departure from the defeatist “we can’t really stop attacks so let’s not try” approach that’s been plaguing the mindset of security …

Continue reading ›

Aqua CSP Globally Whitelisted for ARO: Red Hat OpenShift on Azure

To harness the power of a secure and mature Kubernetes platform, to increase their development teams’ productivity, and to lower costs, organizations choose to use Red Hat OpenShift. To achieve these goals, many deploy Red Hat OpenShift on-premise, which requires allocating resources to manage the infrastructure …

Continue reading ›
threat alert exploiting open Docker daemons

Threat Alert: Exploiting Open Docker Daemons for DDoS Attacks

Aqua’s research team continuously investigates and analyzes the anatomy of new attacks in the wild. Recently, we identified attacks that exploited misconfigured open Docker daemons, where attackers were actively using this attack vector to hijack environments in order to launch targeted DDoS attacks. Each of the …

Continue reading ›
What is eBPF

A Deep Dive into eBPF: The Technology that Powers Tracee

Tracee, by Aqua Security, is an open source, lightweight, and easy to use container and system tracing utility. Tracee allows you to trace events that were generated within containers only, without needing to filter out other system processes.

Continue reading ›
DevSecOps

DevSecOps with Trivy and GitHub Actions

The premise of DevSecOps is that in the Software Development Life Cycle (SDLC), each member is responsible for security. This unifies the operations and development teams in terms of security operations. DevSecOps’ goal is to add security to each step of the development process by integrating security controls and …

Continue reading ›

Tracee: Tracing Containers with eBPF

This week at Velocity Berlin, I’ll be giving a talk called A Beginner’s Guide to eBPF. To coincide with it, we’re opening up a new Aqua Security open source project called Tracee, which uses eBPF to trace events in containers. This isn’t something that most developers need to do on a day-to-day basis, but for those …

Continue reading ›

Subscribe to Email Updates

Popular Posts