The Gaps in Open Source Governance That Threaten the Software Supply Chain

Aqua Cloud Native Blog \ Tags: Software Supply Chain Security

SECURITY RESEARCH
The Gaps in Open Source Governance That Threaten the Software Supply Chain
Security Threat
The widespread issue of unmaintained and deprecated npm packages recently discovered by Aqua researchers affects more than a fifth of open source packages. Presenting yet another silent example of hidden threats to the software supply chain, it demonstrates how poor operational and structural integrity of dependencies can be just as risky as code vulnerabilities, while …
Read more
FEDERAL
Navigating Container Security within the FedRAMP Guidelines
The digital transformation journey of many organizations heavily leans on cloud technologies. As they migrate to the cloud, adhering to stringent security protocols becomes paramount. Enter FedRAMP(R) (Federal Risk and Authorization Management Program). It’s a government-wide initiative designed to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Read more
SECURITY RESEARCH
Exploited SSH Servers Offered in the Dark web as Proxy Pools
Security Threat
Aqua Nautilus researchers have shed brighter light on a long-standing threat to SSH in the context of the cloud. More specifically, the threat actor harnessed our SSH server to be a slave proxy and pass traffic through it. In this blog, we will explain this threat, demonstrate how attackers exploit SSH, what actions they take …
Read more
CLOUD SECURITY
Elevating Cloud Security Response with Cloud-to-Code Tracing
Data breaches and ransomware attacks have become a common headline around the globe. Meanwhile, protecting cloud environments has turned into an uphill battle for even the most seasoned CISO. With a broader attack surface, the dynamic nature of open source software, and a growing number of vulnerabilities being discovered each year, being prepared for the …
Read more
SECURITY RESEARCH
Threat Alert: Anatomy of Silentbob’s Cloud Attack
Security Threat
Aqua Nautilus researchers identified an infrastructure of a potentially massive campaign against cloud native environments. This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, cloud credentials hijack, resource hijack and …
Read more
SECURITY RESEARCH
2023 Nautilus Cyber Security Report – Insights Revealed
The adoption of cloud native technologies has become a cornerstone to helping businesses build and run applications. Cloud computing has revolutionized the way organizations design, develop, deploy, and manage their applications. While it has brought many benefits such as scalability, flexibility, and agility, it has also come with inherent complexities that have led to compromise …
Read more
SECURITY RESEARCH
Fortune 500 at Risk: 250M Artifacts Exposed via Misconfigured Registries
Threat Alert
What if you were told that you had a misconfigured registry with hundreds of millions of software artifacts containing highly confidential and sensitive proprietary code and secrets exposed in your environment right now? This would be what you’d call a really bad day for security. Recently, the Aqua Nautilus research team found just that in …
Read more
Uncategorized
White House Shifts Cybersecurity Strategy to Drive Resilience
This week, the White House released its updated National Cybersecurity Strategy detailing the comprehensive approach the U.S. Government’s Administration is taking to cybersecurity.
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Software Supply Chain Security vs. SCA: What’s the Difference?
As reliance on software increases in both personal and professional contexts, security of the software supply chain has become a critical concern. Ensuring the security and quality of software is essential for protecting against digital attacks, data breaches, and other cyber threats. Two practices that play a key role in ensuring software security are software …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
What To Know: A Summary of the Compliance Guide to SSDF
NIST has recently researched, defined, and released an entirely new standard for incorporating security into the software development lifecycle called The Secure Software Development Framework.  It was uniquely designed to help address the tremendous gaps in software supply chain security that expose organizations to methodical attacks on an organization’s code, infrastructure, development toolchain, and dependencies. …
Read more
EXPERT INSIGHTS
Cloud Security Trends for 2023 Part Two
Last month Aqua published a blog with the predictions from our Nautilus security research team regarding trends and new threats we are watching for 2023. In case you missed it over the holidays, we’ve included a link at the end of this post – it’s definitely worth the read.
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Should You Use SLSA or CIS Software Supply Chain Security Guidelines?
With recent software supply chain attacks on the rise, CISOs being held personally liable, and the United States government requiring minimum security software standards for any products and services they procure, the development industry is refocusing on software development strategies that make security a priority. But with so many reputable sources creating guidance, which is …
Read more
Page 1 of 3123Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links