Aqua Blog

Security Threats

Cloud Security Trends for 2023 Part Two

Last month Aqua published a blog with the predictions from our Nautilus security research team regarding trends and new threats we are watching for 2023. In case you missed it over the holidays, we’ve included a link at the end of this post – it’s definitely worth the read.

In-depth Analysis of the PyTorch Dependency Confusion Administered Malware

Recently, a dependency of the widely used PyTorch-nightly Python package was targeted in a dependency confusion attack, resulting in thousands of individuals downloading a malicious binary that exfiltrated data through DNS. The individual responsible for this attack claimed to be a security researcher whose research …

Cloud Security Trends for 2023 Part One

As we think about what Cloud Native security will look like in 2023, we can’t avoid thinking about the old cat-and-mouse game cliché of cyber security. Every year new attacks emerge while new security solutions are created and old security fixes are upgraded. Threat actors constantly append new methods to the old …

Recent Verdict Against Uber CISO is a Game Changer

In early October, the US Department of Justice announced that a verdict had been reached in the case against former Uber CISO Joe Sullivan, finding him guilty of two counts associated with covering up a data breach at the company. What made the Uber data breach case particularly noteworthy was that it was not seeking …

Technical Review: A Deep Analysis of the Dirty Pipe Vulnerability

Dirty Pipe (CVE-2022-0847) proved that there is a new way to exploit Linux syscalls to write to files with only read-only privileges. The fact that someone can write to a file regardless of its permissions is a big security threat. An application of this vulnerability would be to write on the host from an unprivileged …

Aqua Nautilus Discovers Redigo — New Redis Backdoor Malware

Aqua Nautilus discovered new Go-based malware that targets Redis servers. The attack was executed against one of our deliberately vulnerable Redis honeypots (CVE-2022-0543). Our investigation revealed new undetected malware written in Golang designed to target Redis servers to allow the attacking server to dominate …

Updated Security Advisory: New OpenSSL Vulnerabilities

The OpenSSL project has pre-announced a new and critical severity vulnerability, which was downgraded to High as of today, Nov. 1, 2022. The initial pre-announcement blog has been updated here to reflect additional remediation guidance.

Text4Shell: CVE-2022-42889 in Apache Commons Text Explained

A new vulnerability in the Apache Commons Text library indicates that attackers can perform remote code execution (RCE). The media rushed to create hype around this vulnerability, comparing it to the infamous zero-day vulnerability Log4Shell, which emerged late last year and was broadly exploited by attackers. …

Threat Alert: Private npm Packages Disclosed via Timing Attacks

We at Aqua Nautilus have discovered that npm’s API allows threat actors to execute a timing attack that can detect whether private packages exist on the package manager. By creating a list of possible package names, threat actors can detect organizations’ scoped private packages and then masquerade public packages, …

Detecting Drovorub's File Operations Hooking with Tracee

This blog was co-authored by Itamar Mauda

Two years ago, the NSA (the United States' National Security Agency) revealed that Drovorub, an advanced Russian malware created by the GRU 85th GTsSS team, had been discovered targeting Linux systems. Drovorub works by introducing advanced techniques which can manipulate the …

Threat Alert: Cloud Network Bandwidth Now Stolen through Cryptojacking

This blog was co-authored by Asaf Eitani

Threat actors are looking to increase their financial gain and thus deploy cryptominers which are considered easy to use and lucrative. Cryptomining involves complex calculations leading to high computation power and consequently increased CPU consumption and electricity (or …
