If you thought that falling victim to ransomware, or a hacker hijacking your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could be a disaster magnified a million times over.
SBOM (Software Bill of Materials) is an accepted best practice to map the components and dependencies of your applications in order to better understand your applications’ risks. SBOMs are used as a basis for vulnerability assessment, licensing compliance, and more. There are plenty of available tools, such as Aqua …
We have recently discovered the first-ever evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors. The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack. Our research suggests that this campaign is …
One of Trivy’s core features is Trivy Kubernetes for in-cluster security scans of running workloads. This tutorial will showcase how to generate CIS and NSA reports both through the Trivy CLI and the Trivy Operator.Additionally, we will look at how users can add the Kubernetes Specification for their own Compliance …
Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources.
Aqua Tracee is an open source runtime security and forensics tool for Linux. It can help you detect suspicious behavior at runtime using an extensive data collection engine and a sophisticated rules engine. You can further read about the development of Tracee in our blog The Story of Tracee: The Path to Runtime …
Trivy, the all-in-one open source security scanner, can scan your Kubernetes cluster as well as its running workloads for security issues. Trivy also has a native Kubernetes Operator for complete Kubernetes security posture management. These capabilities were covered in detail in our previous blog post Vulnerability …
Over the past few months Aqua Trivy, the all-in-one cloud native security scanner, has rapidly grown in features and tapped into new use cases. In this blog post, we will explore
Kubernetes Version 1.25 was released with 40 new enhancements including 13 Stable, 10 Beta, 15 Alpha, and 2 Deprecated. Join us as we present some of the notable features in this release, apply security with the Pod Security Admission (PSA), validate whether your cluster is using containerd, and give an overview of …
A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning.
With the release of Amazon EKS Anywhere (EKS-A) Bare Metal, Amazon Web Services has expanded the choices of infrastructure to deploy EKS Anywhere clusters using on-premise bare metal servers as a deployment target. In support of this, Aqua has worked to ensure that as customers adopt EKS Anywhere to automate …