Aqua Blog

Kubernetes Security

Intro to Fileless Malware in Containers

A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malicious payload is loaded directly into memory and executed without ever being written to disk, so file-based defenses and static scanning of images and filesystems never see it.
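
As an added example (this is not code from the Aqua post), the script below demonstrates the check a responder would run for the behaviour described above. One common Linux fileless technique is to create an anonymous file with memfd_create(2), write the payload into it and execve() it through /proc/self/fd/N; the resulting process has no binary on disk, and its /proc/PID/exe link reads "/memfd:NAME (deleted)". A binary unlinked after launch shows "PATH (deleted)" instead. The classification is a pure function so it can be exercised on the constructed sample at the bottom; the /proc walker is what you would run on a node.

```python
"""Flag running processes whose executable exists only in memory.

Added example, not part of the original post. Assumes a Linux /proc layout;
the SAMPLE list is constructed for illustration, not a real capture.
"""
import os
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, Optional, Tuple

# memfd_create(2) backed executables appear as /memfd:<name> (deleted)
MEMFD_RE = re.compile(r"^/memfd:")
DELETED_SUFFIX = " (deleted)"


@dataclass(frozen=True)
class Finding:
    pid: int
    comm: str
    exe: str
    reason: str


def classify_exe(exe_target: str) -> Optional[str]:
    """Return why an exe link target looks fileless, or None if it looks normal."""
    if MEMFD_RE.match(exe_target):
        return "executable is a memfd (anonymous in-memory file, never on disk)"
    if exe_target.endswith(DELETED_SUFFIX):
        return "executable was unlinked from disk after it started"
    return None


def scan_procs(proc_entries: Iterable[Tuple[int, str, str]]) -> Iterator[Finding]:
    """proc_entries: (pid, comm, exe_link_target) tuples; yields suspicious ones."""
    for pid, comm, exe in proc_entries:
        reason = classify_exe(exe)
        if reason:
            yield Finding(pid, comm, exe, reason)


def read_live_procs(proc_root: str = "/proc") -> Iterator[Tuple[int, str, str]]:
    """Walk a real /proc; readlink on another user's exe needs CAP_SYS_PTRACE."""
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        pid = int(name)
        try:
            exe = os.readlink(f"{proc_root}/{pid}/exe")
            with open(f"{proc_root}/{pid}/comm") as fh:
                comm = fh.read().strip()
        except OSError:
            continue  # kernel threads have no exe; the pid may also have exited
        yield pid, comm, exe


# Constructed sample input (not a real capture)
SAMPLE = [
    (1, "sh", "/bin/dash"),
    (212, "node", "/usr/local/bin/node"),
    (4711, "3", "/memfd:payload (deleted)"),
    (4720, "nginx", "/usr/sbin/nginx (deleted)"),
]

if __name__ == "__main__":
    for f in scan_procs(SAMPLE):
        print(f"pid={f.pid} comm={f.comm} exe={f.exe!r}: {f.reason}")
```

Two caveats when using this for real: run it from the node (host pid namespace) rather than inside a container, because a container's /proc only shows its own processes; and treat the "(deleted)" case as a lead rather than a verdict, since a package upgrade that replaces a running binary produces the same link. The memfd case has no such benign explanation for a typical workload container.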

Securing Kubernetes Everywhere with EKS Anywhere (EKS-A) Bare Metal

With the release of Amazon EKS Anywhere (EKS-A) Bare Metal, Amazon Web Services has expanded the choices of infrastructure for deploying EKS Anywhere clusters, adding on-premises bare metal servers as a deployment target. In support of this, Aqua has worked to ensure that as customers adopt EKS Anywhere to automate …

How to Secure Your Kubernetes Clusters with Trivy

Last month at KubeCon Europe, we released new Kubernetes security scanning for Trivy. It allows you to scan running Kubernetes clusters and resources for misconfigurations directly through the Trivy CLI or by installing the Trivy Kubernetes Operator in a cluster. In this blog, we’ll demonstrate how to use Trivy to …

What’s New in Kubernetes Version 1.24

With another Kubernetes release upon us, there are, as ever, a load of new features to consider. These include features to help companies use Windows containers securely and improvements in Kubernetes’ supply chain security. In this post, we’ll take a look at some of the more significant features of this release.

2022 Cloud Native Threat Report: Key Trends in Cyber Attacks

As companies continue to adopt cloud native technologies at a rapid pace, an increasing number of cyber threats are targeting the cloud native environment. To defend against these threats, security practitioners must stay abreast of attackers’ evolving tactics, techniques, and procedures. For its 2022 Cloud Native …

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing

Following on from our previous post on the risks of privilege escalation in Kubernetes via the node/proxy resource, we’re going to take a look at how users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster. In addition to …

Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC

One of the side effects of Kubernetes’ rich API and extensive functionality is that sometimes there are security implications to granting users permissions. Security architects should be aware of these side effects when designing platforms that use Kubernetes. In recent research with Iain Smart of NCC Group, we looked …

Adopting Zero Trust in Kubernetes: The Fundamentals

In late January, the White House published a memo that lays the groundwork for creating a zero-trust architecture for federal agencies. With renewed attention from the US government, zero-trust networking is an area that many organizations are focusing on to improve their security posture. With that focus, it makes …

RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins

Kubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation. However, there are some less well-known features that could be relevant …
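
The three RBAC posts above (CSR signing, node/proxy rights, and the virtual verbs) all come down to the same practitioner question: does a role contain a rule that quietly grants more than it appears to? The audit below is an added example written for this page, not code from Aqua or from any of the posts. It takes a role's `rules` list in the same shape as a Role or ClusterRole manifest and reports: nodes/proxy access (reaches the kubelet API; with `create`, that includes running commands in any pod on the node); the CSR combination of `create` certificatesigningrequests plus `update` certificatesigningrequests/approval plus `approve` on the kubernetes.io/kube-apiserver-client signer, which lets the holder issue a client certificate for any user or group, including system:masters; and the virtual verbs `escalate`, `bind` and `impersonate`. The sample role at the bottom is constructed for illustration.

```python
"""Audit a Kubernetes Role/ClusterRole rules list for quiet escalation paths.

Added example for this page; not code from the posts it accompanies.
SAMPLE_ROLE_RULES is constructed, not taken from a real cluster.
"""
from typing import Dict, List


def _name_ok(names, name: str) -> bool:
    """RBAC resourceNames: empty means every name and there is no '*' wildcard.
    CSR approval is additionally authorised against the signer's domain, so
    'kubernetes.io/*' covers 'kubernetes.io/kube-apiserver-client'."""
    if not names or not name:
        return True
    return any(n == name or (n.endswith("/*") and name.startswith(n[:-1])) for n in names)


def _matches(rule: Dict, group: str, resource: str, verb: str, name: str = "") -> bool:
    """True if one rule grants `verb` on group/resource, honouring '*' entries."""
    groups, resources, verbs = (rule.get(k, []) for k in ("apiGroups", "resources", "verbs"))
    return (
        (group in groups or "*" in groups)
        and (resource in resources or "*" in resources)
        and (verb in verbs or "*" in verbs)
        and _name_ok(rule.get("resourceNames"), name)
    )


def allows(rules: List[Dict], group: str, resource: str, verb: str, name: str = "") -> bool:
    return any(_matches(r, group, resource, verb, name) for r in rules)


def audit_rules(rules: List[Dict]) -> List[str]:
    findings: List[str] = []

    # 1. Kubelet API via nodes/proxy (core API group is the empty string).
    if allows(rules, "", "nodes/proxy", "create"):
        findings.append("nodes/proxy create: can exec into any pod on a node via the kubelet API")
    elif allows(rules, "", "nodes/proxy", "get"):
        findings.append("nodes/proxy get: can read pod details and logs from the kubelet API")

    # 2. Self-approved client certificates. All three rights are needed together.
    certs = "certificates.k8s.io"
    if (allows(rules, certs, "certificatesigningrequests", "create")
            and allows(rules, certs, "certificatesigningrequests/approval", "update")
            and allows(rules, certs, "signers", "approve", "kubernetes.io/kube-apiserver-client")):
        findings.append("CSR create+approve for kube-apiserver-client: can mint a client cert "
                        "for any user/group, including system:masters")

    # 3. Virtual verbs that grant rights beyond what the caller already holds.
    rbac = "rbac.authorization.k8s.io"
    for res in ("clusterroles", "roles"):
        if allows(rules, rbac, res, "escalate"):
            findings.append(f"escalate on {res}: can add permissions the caller does not hold")
    for res in ("clusterroles", "roles"):
        if allows(rules, rbac, res, "bind"):
            findings.append(f"bind on {res}: can bind roles the caller does not hold")
    for res in ("users", "groups", "serviceaccounts"):
        if allows(rules, "", res, "impersonate"):
            findings.append(f"impersonate {res}: can act as another identity")
    return findings


def audit_manifest(obj: Dict) -> List[str]:
    """Accepts a Role/ClusterRole object as produced by `kubectl get ... -o json`."""
    return audit_rules(obj.get("rules", []) or [])


# Constructed sample: looks like a "cert requester" role but is cluster-admin in disguise.
SAMPLE_ROLE_RULES = [
    {"apiGroups": [""], "resources": ["pods", "nodes/proxy"], "verbs": ["get", "list", "create"]},
    {"apiGroups": ["certificates.k8s.io"], "resources": ["certificatesigningrequests"],
     "verbs": ["create", "get", "list"]},
    {"apiGroups": ["certificates.k8s.io"], "resources": ["certificatesigningrequests/approval"],
     "verbs": ["update"]},
    {"apiGroups": ["certificates.k8s.io"], "resources": ["signers"], "verbs": ["approve"],
     "resourceNames": ["kubernetes.io/kube-apiserver-client"]},
]

if __name__ == "__main__":
    import json
    import sys
    obj = json.load(sys.stdin) if not sys.stdin.isatty() else {"rules": SAMPLE_ROLE_RULES}
    for line in audit_manifest(obj):
        print("-", line)
```

Run it as `kubectl get clusterrole NAME -o json | python3 rbac_audit.py`. A wildcard rule (`*`/`*`/`*`) trips every check, which is the intended result for cluster-admin. Note that the CSR trio is only dangerous in combination, and the three rights may be split across several roles bound to one subject; to audit a subject rather than a role, concatenate the rules of every Role and ClusterRole bound to it before calling `audit_rules`.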

CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes

Last week, a new high-severity CVE was released that affects the Linux kernel. This vulnerability provides an opportunity for an attacker who has access to a system as an unprivileged user to escalate those rights to root. To do this, the attacker must have a specific Linux capability, CAP_SYS_ADMIN, which reduces the …
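
Since the excerpt makes CAP_SYS_ADMIN the precondition, the first thing to establish for a given container is whether its processes actually hold that capability. The script below is an added example (not from the Aqua post) that parses the CapEff/CapBnd lines of /proc/PID/status and decodes the bit mask using the numbering from include/uapi/linux/capability.h. The two status snippets at the bottom are constructed: the first is the Docker default capability set, the second is the same set with SYS_ADMIN added.

```python
"""Decode Linux capability masks from /proc/<pid>/status.

Added example for this page, not code from the post. Bit positions follow
include/uapi/linux/capability.h; constructed sample status lines at the end.
"""
import re
from typing import Dict, List

CAP_NAMES = [
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read", "perfmon", "bpf", "checkpoint_restore",
]

_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$")


def parse_cap_masks(status_text: str) -> Dict[str, int]:
    """Map each Cap* field in a /proc/<pid>/status body to its integer mask."""
    masks: Dict[str, int] = {}
    for line in status_text.splitlines():
        m = _CAP_LINE.match(line)
        if m:
            masks[m.group(1)] = int(m.group(2), 16)
    return masks


def decode_caps(mask: int) -> List[str]:
    """Return the capability names set in `mask`; unknown bits become cap_<n>."""
    names = []
    for bit in range(mask.bit_length()):
        if mask >> bit & 1:
            names.append(CAP_NAMES[bit] if bit < len(CAP_NAMES) else f"cap_{bit}")
    return names


def has_cap(status_text: str, cap: str, field: str = "CapEff") -> bool:
    """True if `cap` (e.g. 'sys_admin') is present in the given field's mask."""
    bit = CAP_NAMES.index(cap)
    return bool(parse_cap_masks(status_text).get(field, 0) >> bit & 1)


# Constructed sample status fragments (not captured from a real system).
DOCKER_DEFAULT_STATUS = "Name:\tsh\nCapEff:\t00000000a80425fb\nCapBnd:\t00000000a80425fb\n"
SYS_ADMIN_STATUS = "Name:\tsh\nCapEff:\t00000000a82425fb\nCapBnd:\t00000000a82425fb\n"

if __name__ == "__main__":
    try:
        with open("/proc/self/status") as fh:
            text = fh.read()
    except OSError:
        text = DOCKER_DEFAULT_STATUS  # not on Linux: fall back to the sample
    for field, mask in parse_cap_masks(text).items():
        print(f"{field}: {', '.join(decode_caps(mask)) or '(none)'}")
    print("CAP_SYS_ADMIN held:", has_cap(text, "sys_admin"))
```

Inside a container, `cat /proc/self/status` gives the input; on the node, read the status of the container's init process to see what it was started with. CapBnd matters as much as CapEff: a process can re-acquire anything left in its bounding set through a setuid binary or file capabilities, so a container hardened with `drop: [ALL]` should show an empty bounding set, not merely an empty effective set.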

Protecting Cloud Native Workloads on GKE Autopilot

GKE Autopilot is a new mode of operation in Google Kubernetes Engine (GKE) launched earlier this year to help DevOps teams focus their time and resources on building applications on Kubernetes, rather than on managing the infrastructure that the applications run on. As Aqua Security is a GKE selected security partner, …
