Aqua Blog

Container Security

What’s New in the Docker and Kubernetes CIS Benchmarks

What’s New in the Docker and Kubernetes CIS Benchmarks

One of the challenges with container security and its standards is keeping current with new releases and products. New versions of the Docker and Kubernetes CIS Benchmarks were released recently to capture changes in the new versions of those projects, both to keep things current and to expand coverage to help people …

Continue reading ›
Cloud Native Threat Report: How Quickly Will You Be Attacked?

Cloud Native Threat Report: How Quickly Will You Be Attacked?

The cloud native threat landscape is evolving fast, with 50% of vulnerable targets getting attacked within only one hour. While adversaries are constantly advancing their techniques to craft more sophisticated and targeted attacks, organizations are leaving themselves exposed. Aqua’s 2021 Cloud Native Threat Report

Continue reading ›
The Challenges of Uniquely Identifying Your Images

The Challenges of Uniquely Identifying Your Images

One of the challenges of container security is ensuring that the image you’re getting is exactly what you expect it to be. Both from a security and consistency perspective, it’s important to ensure there are no surprises in what you’re downloading. Docker image tags, whilst convenient, can’t always be relied on to …

Continue reading ›
JDWP Misconfiguration in Container Images and K8s

JDWP Misconfiguration in Container Images and K8s

Java Debug Wire Protocol (JDWP) is a great way to remotely debug applications during development. However, if enabled when shipped to production, hackers can exploit this mistake by running an arbitrary code that allows initial access or privilege escalation in your production environment. Using Aqua’s Dynamic Threat …

Continue reading ›
Threat Alert: Monero Miners Target Cloud Native Dev Environments

Threat Alert: Monero Miners Target Cloud Native Dev Environments

In September 2020, Aqua’s Team Nautilus detected a campaign that targeted the automated build processes of GitHub and Docker Hub. At that time we notified the affected services and they blocked the attack. Now, this campaign has resurfaced with vengeance. In just four days, the attackers set up 92 malicious Docker Hub …

Continue reading ›
Cloud Native Forensics: Challenges and Best Practices

Cloud Native Forensics: Challenges and Best Practices

As no individual, business, or government is immune from being the victim of the next large-scale cyberattack, organizations need capabilities to help identify, contain, and investigate what seems like an inevitable incident. By performing forensic analysis, you can gain and leverage valuable insights to take the …

Continue reading ›
Vulnerability Scanning for Kubernetes Applications: Why and How

Vulnerability Scanning for Kubernetes Applications: Why and How

If you’re looking to improve the security posture of your Kubernetes applications, you can get a lot of bang for your buck with vulnerability scanning. In this blog, I’ll talk about the fundamentals of scanning container images: how to pick a vulnerability scanner, when to use it in the application pipeline, and why …

Continue reading ›
Boosting Container Security with Rootless Containers

Boosting Container Security with Rootless Containers

If there is a single best practice for container security, it is to avoid running containers as root. Rootless containers are making this much easier – almost effortless, even. In this blog, I’ll talk about why you should be avoiding root in containers, what rootless containers are, and how they are going to help.

Continue reading ›
CVE-2020-15275: New Vulnerability Exploits containerd-shim API

CVE-2020-15275: New Vulnerability Exploits containerd-shim API

A year of challenges isn’t quite over yet, as a new vulnerability was found in containerd, CVE-2020-15257. When exploited, after providing a connection through the container to the host network, an attacker can gain root privileges on the host. This vulnerability was disclosed by Jeff Dileo of NCC Group, our …

Continue reading ›
Threat Alert: Fileless Malware Executing in Containers

Threat Alert: Fileless Malware Executing in Containers

Our cyber research team detected a new type of attack that executes and runs malware straight from memory in containers, thus evading common defenses and static scanning. This malware is using a rootkit to hide its running processes, then hijacks resources by executing a crypto miner from memory — leaving a backdoor …

Continue reading ›
Aqua Secures Container Image Support in AWS Lambda

Aqua Secures Container Image Support in AWS Lambda

Amazon continues to build new capabilities into its serverless operational mode and has launched container image support in AWS Lambda. It enables packaging and deploying Lambda functions as container images. Building on our strong partnership with AWS and our desire to offer the most complete cloud-native security …

Continue reading ›

Subscribe to Email Updates

Popular Posts