Aqua Blog

Security Threats

The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets

The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets

Exposed Kubernetes secrets pose a critical threat of supply chain attack. Aqua Nautilus researchers found that the exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack …

Continue reading ›
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures

50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures

Aqua Nautilus researchers evaluated the vulnerability disclosure process for tens of thousands of open-source projects and found flaws in the process. These flaws allowed harvesting the vulnerabilities before they were patched and announced. This could enable attackers to exploit security holes before the project's …

Continue reading ›
Looney Tunables Vulnerability Exploited by Kinsing

Looney Tunables Vulnerability Exploited by Kinsing

Researchers from Aqua Nautilus have successfully intercepted Kinsing's experimental incursions into cloud environments. Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack, a component of Kinsing's ongoing campaign, we have uncovered the threat actor's manual efforts to manipulate the Looney …

Continue reading ›
Exploited SSH Servers Offered in the Dark web as Proxy Pools

Exploited SSH Servers Offered in the Dark web as Proxy Pools

Aqua Nautilus researchers have shed brighter light on a long-standing threat to SSH in the context of the cloud. More specifically, the threat actor harnessed our SSH server to be a slave proxy and pass traffic through it. In this blog, we will explain this threat, demonstrate how attackers exploit SSH, what actions …

Continue reading ›
Kinsing Malware Exploits Novel Openfire Vulnerability

Kinsing Malware Exploits Novel Openfire Vulnerability

Aqua Nautilus discovered a new campaign that exploits the Openfire vulnerability (CVE-2023-32315), that was disclosed in May of this year, to deploy Kinsing malware and a cryptominer. This vulnerability leads to a path traversal attack, which grants an unauthenticated user access to the Openfire setup environment. …

Continue reading ›
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks

PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks

Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. …

Continue reading ›
Kubernetes Exposed: One Yaml away from Disaster

Kubernetes Exposed: One Yaml away from Disaster

If you thought that falling victim to ransomware, or a hacker hijacking your workstation was a nightmare, consider the potential catastrophe of having your Kubernetes (k8s) cluster hijacked. It could be a disaster magnified a million times over.

Continue reading ›
Three Years Later: The Meow Campaign Reaches Jupyter

Three Years Later: The Meow Campaign Reaches Jupyter

In 2017 and 2020 we saw the oddest campaign - ‘Meow’ - targeting unsecured databases such as MongoDB, Elasticsearch, Cassandra, CouchDB, and other software such as Hadoop clusters, FTPs, Jenkins etc. The Modus Operandi was very simple finding an exposed instance, deleting everything, and destroying data without any …

Continue reading ›
Tomcat Under Attack: Exploring Mirai Malware and Beyond

Tomcat Under Attack: Exploring Mirai Malware and Beyond

A recent Java Developer Productivity Report showed that almost 50% of developers are using Apache Tomcat, indicating its widespread usage in the cloud, big data and website development. We will begin by presenting statistics and examples from recent attacks. Afterward, we will delve into a detailed analysis of a …

Continue reading ›
Detecting eBPF Malware with Tracee

Detecting eBPF Malware with Tracee

eBPF is a popular and powerful technology embedded in the Linux kernel. It is widely used by many security tools for monitoring kernel activity to detect and protect organizations. eBPF, however, can potentially be a dual edged sword as it can be used by threat actors as part of their malicious arsenal. Lately, we …

Continue reading ›
TeamTNT Reemerged with New Aggressive Cloud Campaign

TeamTNT Reemerged with New Aggressive Cloud Campaign

In part one of this two-part blog series, titled "The Anatomy of Silentbob's Cloud Attack," we provided an overview of the preliminary stages of an aggressive botnet campaign that aimed at cloud native environments. This post will dive into the full extent of the campaign and provide a more comprehensive exploration …

Continue reading ›