Aqua Blog

Kubernetes Security

Kubernetes Exposed: One Yaml away from Disaster

Kubernetes Exposed: One Yaml away from Disaster

If you thought that falling victim to ransomware, or a hacker hijacking your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could be a disaster magnified a million times over.

Continue reading ›
Introducing KBOM – Kubernetes Bill of Materials

Introducing KBOM – Kubernetes Bill of Materials

SBOM (Software Bill of Materials) is an accepted best practice to map the components and dependencies of your applications in order to better understand your applications’ risks. SBOMs are used as a basis for vulnerability assessment, licensing compliance, and more. There are plenty of available tools, such as Aqua …

Continue reading ›
First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters

We have recently discovered the first-ever evidence that attackers are exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) in the wild to create backdoors. The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack. Our research suggests that this campaign is …

Continue reading ›
Kubernetes Benchmark Scans with Trivy: CIS and NSA Reports

Kubernetes Benchmark Scans with Trivy: CIS and NSA Reports

One of Trivy’s core features is Trivy Kubernetes for in-cluster security scans of running workloads. This tutorial will showcase how to generate CIS and NSA reports both through the Trivy CLI and the Trivy Operator.Additionally, we will look at how users can add the Kubernetes Specification for their own Compliance …

Continue reading ›
Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26: An Overview

Kubernetes Version 1.26 was released with 37 new enhancements including 11 Stable, 10 Beta, 16 Alpha, and 12 features deprecated or removed. In this blog, we will highlight its most notable features and show how using Trivy will help you find deprecated Kubernetes resources.

Continue reading ›
Tracee Newly Released Rules Detect Attackers Out-of-the-Box

Tracee Newly Released Rules Detect Attackers Out-of-the-Box

Aqua Tracee is an open source runtime security and forensics tool for Linux. It can help you detect suspicious behavior at runtime using an extensive data collection engine and a sophisticated rules engine. You can further read about the development of Tracee in our blog The Story of Tracee: The Path to Runtime …

Continue reading ›
Trivy Now Supports NSA Kubernetes Compliance

Trivy Now Supports NSA Kubernetes Compliance

Trivy, the all-in-one open source security scanner, can scan your Kubernetes cluster as well as its running workloads for security issues. Trivy also has a native Kubernetes Operator for complete Kubernetes security posture management. These capabilities were covered in detail in our previous blog post Vulnerability …

Continue reading ›
Vulnerability Scanning: Trivy vs the Trivy Operator

Vulnerability Scanning: Trivy vs the Trivy Operator

Over the past few months Aqua Trivy, the all-in-one cloud native security scanner, has rapidly grown in features and tapped into new use cases. In this blog post, we will explore

Continue reading ›
Kubernetes Version 1.25: An Overview

Kubernetes Version 1.25: An Overview

Kubernetes Version 1.25 was released with 40 new enhancements including 13 Stable, 10 Beta, 15 Alpha, and 2 Deprecated. Join us as we present some of the notable features in this release, apply security with the Pod Security Admission (PSA), validate whether your cluster is using containerd, and give an overview of …

Continue reading ›
Intro to Fileless Malware in Containers

Intro to Fileless Malware in Containers

A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. 

Continue reading ›
Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

With the release of Amazon EKS Anywhere (EKS-A) Bare Metal, Amazon Web Services has expanded the choices of infrastructure to deploy EKS Anywhere clusters using on-premise bare metal servers as a deployment target. In support of this, Aqua has worked to ensure that as customers adopt EKS Anywhere to automate …

Continue reading ›