Aqua Blog

Kubernetes Security

First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

We have recently discovered the first-ever evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors. The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack. Our research suggests that this campaign is …

Continue reading ›
Kubernetes Benchmark Scans with Trivy: CIS and NSA Reports

Kubernetes Benchmark Scans with Trivy: CIS and NSA Reports

One of Trivy’s core features is Trivy Kubernetes for in-cluster security scans of running workloads. This tutorial will showcase how to generate CIS and NSA reports both through the Trivy CLI and the Trivy Operator.Additionally, we will look at how users can add the Kubernetes Specification for their own Compliance …

Continue reading ›
Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources.

Continue reading ›
Tracee Newly Released Rules Detect Attackers Out-of-the-Box

Tracee Newly Released Rules Detect Attackers Out-of-the-Box

Aqua Tracee is an open source runtime security and forensics tool for Linux. It can help you detect suspicious behavior at runtime using an extensive data collection engine and a sophisticated rules engine. You can further read about the development of Tracee in our blog The Story of Tracee: The Path to Runtime …

Continue reading ›
Trivy Now Supports NSA Kubernetes Compliance

Trivy Now Supports NSA Kubernetes Compliance

Trivy, the all-in-one open source security scanner, can scan your Kubernetes cluster as well as its running workloads for security issues. Trivy also has a native Kubernetes Operator for complete Kubernetes security posture management. These capabilities were covered in detail in our previous blog post Vulnerability …

Continue reading ›
Vulnerability Scanning: Trivy vs the Trivy Operator

Vulnerability Scanning: Trivy vs the Trivy Operator

Over the past few months Aqua Trivy, the all-in-one cloud native security scanner, has rapidly grown in features and tapped into new use cases. In this blog post, we will explore

Continue reading ›
Kubernetes Version 1.25: An Overview

Kubernetes Version 1.25: An Overview

Kubernetes Version 1.25 was released with 40 new enhancements including 13 Stable, 10 Beta, 15 Alpha, and 2 Deprecated. Join us as we present some of the notable features in this release, apply security with the Pod Security Admission (PSA), validate whether your cluster is using containerd, and give an overview of …

Continue reading ›
Intro to Fileless Malware in Containers

Intro to Fileless Malware in Containers

A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. 

Continue reading ›
Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

With the release of Amazon EKS Anywhere (EKS-A) Bare Metal, Amazon Web Services has expanded the choices of infrastructure to deploy EKS Anywhere clusters using on-premise bare metal servers as a deployment target. In support of this, Aqua has worked to ensure that as customers adopt EKS Anywhere to automate …

Continue reading ›
How to Secure Your Kubernetes Clusters with Trivy

How to Secure Your Kubernetes Clusters with Trivy

Last month at KubeCon Europe, we released new Kubernetes security scanning for Trivy. It allows you to scan running Kubernetes clusters and resources for misconfigurations directly through the Trivy CLI or by installing the Trivy Kubernetes Operator in a cluster. In this blog, we’ll demonstrate how to use Trivy to …

Continue reading ›
What’s New in Kubernetes Version 1.24

What’s New in Kubernetes Version 1.24

With another Kubernetes release upon us, there are, as ever, a load of new features to consider. These include features to help companies use Windows containers securely and improvements in Kubernetes’ supply chain security. In this post, we’ll take a look at some of the more significant features of this release.

Continue reading ›