Aqua Blog

Container Vulnerability

CVE-2021-44832: New Arbitrary Code Execution Vulnerability in Log4j

This holiday season, adversaries aren’t taking a vacation, massively exploiting multiple vulnerabilities in Log4j, a highly popular Java logging library. Amid the ongoing efforts of organizations to patch their vulnerable systems, a new Log4j vulnerability, tracked as CVE-2021-44832, has been discovered. It allows for …

How Thoughtworks Manages Cloud Security and Container Vulnerabilities

Many companies, in an effort to modernize their software and cloud tech stacks, are beginning to confront the challenges of managing security across multiple cross-functional, yet independent, teams, each with diverse tech stacks. One such example is Thoughtworks, a leading global technology consultancy that works …

Threat Alert: Supply Chain Attacks Using Container Images

Team Nautilus, Aqua Security’s threat research team, has uncovered several supply chain attacks that use malicious container images to compromise their victim. These five container images were found on Docker Hub, which we scan daily for signs of malicious activity. The images hijack organizations’ resources to mine …

Aqua Enterprise vs Aqua Trivy: What’s Best for You?

Anyone looking to improve the security posture of their cloud native applications knows that a vulnerability scanner is an important tool to add to the toolkit. Automating vulnerability scanning into your build pipeline can reduce the likelihood of successful attacks and help protect your containerized workloads. …

CVE-2020-15157: Vulnerability in Containerd Can Leak Cloud Credentials

A new vulnerability was found in containerd, located in the container image-pulling process. The new CVE includes manipulation of the image manifest, allowing attackers to craft an image that can leak the host’s registry or cloud credentials when pulled from a registry. This leak occurs even before the image is …

Threat Alert: TeamTNT is Back and Attacking Vulnerable Redis Servers

Over the past few weeks, TeamTNT grabbed headlines after launching several novel attacks against cloud native infrastructure. In response, Docker Hub decided to remove TeamTNT’s malicious images from its community and deleted the user 'Hildeteamtnt.' But just a few days later, TeamTNT reemerged with a catchy logo …

Risk-Based Vulnerability Management in Container Images

There’s an overwhelming number of vulnerabilities in container images – and the security of your deployments is probably suffering because of it. No matter the size of your organization, it’s a significant challenge to identify the biggest risks to your business and know what to tackle first. Merely classifying and …

Using Trivy to Discover Vulnerabilities in VS Code Projects

For most of us developers, our container security protocol involves some sort of static image scan for vulnerabilities. Unfortunately, doing this usually involves jumping out of one type of software program, like a code editor, to open a completely separate tool to perform the scanning. Well, the open source team at …

Threat Alert: Kinsing Malware Attacks Targeting Container Environments

Lately we’ve been witnessing a rise in the number of attacks that target container environments. We’ve been tracking an organized attack campaign that targets misconfigured open Docker Daemon API ports. This persistent campaign has been going on for months, with thousands of attempts taking place nearly on a daily …

Trivy Image Vulnerability Scanner Now Under Apache 2.0 License

In our view, making security tools easy to use is one of the best ways to increase adoption and help end users improve the security of their deployments. One of the strengths of our open source vulnerability scanner for container images, Trivy, is that it’s very easy to install and to integrate into different …

Tracee: Tracing Containers with eBPF

This week at Velocity Berlin, I’ll be giving a talk called A Beginner’s Guide to eBPF. To coincide with it, we’re opening up a new Aqua Security open source project called Tracee, which uses eBPF to trace events in containers. This isn’t something that most developers need to do on a day-to-day basis, but for those of …
