Aqua Blog

Security Threats

New Zero-day RCE Vulnerability Spring4Shell: What You Should Know

A new critical zero-day vulnerability has been discovered in Spring, a popular open source framework widely used in modern Java applications. The issue could allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability has been assigned CVE-2022-22965, and Spring has already released a patch.

Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks

Team Nautilus has uncovered a Python-based ransomware attack that, for the first time, was targeting Jupyter Notebook, a popular tool used by data practitioners. The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and …

CVE-2022-23648 in Containerd's CRI Plugin Could Allow for Container Breakout

A recently discovered CVE in containerd allows attackers who can run a custom image in a cluster to break out to the underlying node and, in some cases, escalate privileges to cluster-admin level.

This CVE is interesting for several reasons. First, the vulnerability shows up in the container image, not in the …

The New Octocat Coin: How Attackers Bypass CI/CD Compute Limits

Over the past few years, attackers have embraced cryptomining as a fast revenue source, easily converting compute power into digital coins. Unlike other types of cybercrime, cryptomining is perceived by the attacker as relatively harmless and reversible, with a low footprint and an immediate payoff. Last year, bad …

CVE-2022-0811: CRI-O Vulnerability Could Allow Container Escape

A newly discovered vulnerability in the container runtime tool CRI-O could allow attackers who are able to create pods in a Kubernetes or OpenShift cluster that uses the software to break out to the underlying cluster node, effectively escalating their privileges. While, as ever, the best way to address this …

Cloud Native Technologies Used in Russia-Ukraine Cyber Attacks

The conflict between Russia and Ukraine is raging not only in the physical realm but also on the cyber front, where governments, hacktivist groups, and individuals are trying to play their part. In this blog, we analyze some examples of the cyberattacks that have taken place as part of the current conflict and review …

New Linux Kernel Vulnerability: Escaping Containers by Abusing Cgroups

CVE-2022-0492, a recently disclosed high-severity Linux vulnerability that relates to a weakness in the handling of release_agent in cgroups, could allow for container escape under some circumstances. Fortunately, in common container configurations, the various layers of security hardening will block effective …

Dirty Pipe Linux Vulnerability: Overwriting Files in Container Images

A new CVE in the Linux kernel was released this week. CVE-2022-0847, aka “Dirty Pipe”, is a vulnerability that allows users on a Linux system to overwrite the contents of files that they can read but shouldn’t be able to write to. Looking at this vulnerability from the perspective of hosts using containerization …

The Russia-Ukraine Cyber Attacks: A CISO’s Advice

The devastating events in Ukraine have already affected millions of lives and organizations, with profound consequences extending far beyond the region. As the conflict continues to unfold, companies in the US and around the world are facing the growing risk of aggressive Russian cyberattacks. In the face of these …

CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes

Last week, a new high-severity CVE was released that affects the Linux kernel. This vulnerability provides an opportunity for an attacker who has access to a system as an unprivileged user to escalate those rights to root. To do this, the attacker must have a specific Linux capability, CAP_SYS_ADMIN, which reduces the …

The Nightmare Before Christmas: Looking Back at Log4j Vulnerabilities

Last month, a zero-day vulnerability in the extremely popular Log4j logging framework overwhelmed the security community during the already busy end-of-year rush. Just keeping up with Log4j news and updates has been no easy task, let alone fixing the multiple vulnerabilities discovered almost daily. Organizations …
