Microsoft recently disclosed a security vulnerability in its Azure Container Instances (ACI) service, referred to as Azurescape. No actual exploitations were reported and, thankfully, no Azure customers were affected by this vulnerability. To clear any doubts around risks to current environments, in this post we …
Team Nautilus, Aqua Security’s threat research team, has uncovered several supply chain attacks that use malicious container images to compromise their victim. These five container images were found on Docker Hub, which we scan daily for signs of malicious activity. The images hijack organizations’ resources to …
The cloud native threat landscape is evolving fast, with 50% of vulnerable targets getting attacked within only one hour. While adversaries are constantly advancing their techniques to craft more sophisticated and targeted attacks, organizations are leaving themselves exposed. Aqua’s 2021 Cloud Native Threat Report …
The past couple of years have seen a rise in software supply chain attacks, with the most salient example being the Solarwinds attack. As production environments have gained multiple layers of protection, and much of the attention of security teams, malicious actors have set their sights on “poisoning the well”, …
In April, MITRE published the ATT&CK matrix for Containers covering adversarial techniques that target container technologies. At Aqua, we were proud to support this effort by sharing our knowledge and helping refine and extend the matrix. As for the risks in Kubernetes, Microsoft created a framework for …
Insufficient access restrictions, permissive storage policies, and publicly exposed assets are only a few of the mistakes companies make when configuring their cloud infrastructure. The scale of the problem is mind-blowing, with 90% of organizations being vulnerable to security breaches due to cloud …
A recent security incident disclosed by Codecov has again placed the spotlight on supply chain attacks. Looking at the details of the incident and how the system operated, it’s clear that organizations should make changes to how they use third party services as part of their Continuous Integration (CI) pipelines. …
Java Debug Wire Protocol (JDWP) is a great way to remotely debug applications during development. However, if enabled when shipped to production, hackers can exploit this mistake by running an arbitrary code that allows initial access or privilege escalation in your production environment. Using Aqua’s Dynamic …
In September 2020, Aqua’s Team Nautilus detected a campaign that targeted the automated build processes of GitHub and Docker Hub. At that time we notified the affected services and they blocked the attack. Now, this campaign has resurfaced with vengeance. In just four days, the attackers set up 92 malicious Docker …
Last week, TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Docker Hub, the attackers are targeting misconfigured docker daemons, Kubeflow dashboards, and Weave Scope, exploiting these environments in order to steal cloud …
A new severe vulnerability was found in Unix and Linux operating systems that allows an unprivileged user to exploit this vulnerability using sudo, causing a heap overflow to elevate privileges to root without authentication, or even get listed in the sudoers file. In this blog, I’ll go over how this CVE can be …