Aqua Blog
Experts insight, best practices and advice on cloud native security, trends, threat intelligence and compliance
Mitigating the Kubernetes API Server Patch Permission DoS Vulnerability (CVE-2019-1002100)

A new medium-severity vulnerability in open source Kubernetes has been disclosed (CVE-2019-1002100) that can, if exploited, lead to a denial of service on the K8s API server, which in turn may render the cluster inoperable.

The best mitigation is to remove the “patch” permissions from untrusted users, …

Severe Privilege Escalation Vulnerability in Kubernetes (CVE-2018-1002105)

Earlier this week, a severe vulnerability in Kubernetes (CVE-2018-1002105) was disclosed that allows an unauthenticated user to perform privilege escalation and gain full admin privileges on a cluster. The CVE was given the high severity score of 9.8 (out of 10) and it affects all Kubernetes versions from 1.0 …

"Jack-in-the-Box" Vulnerability When Unpacking Images (CVE-2018-8115)

Last week, Michael Hanselmann published details of a remote code execution vulnerability (CVE-2018-8115) that impacts Docker for Windows. As he described it: “Docker for Windows uses the Windows Host Compute Service Shim published and maintained by Microsoft. Its use of Go's “filepath.Join” function with …

Aqua’s MicroScanner: Free Image Vulnerability Scanner for Developers

At Aqua we’ve been working on a new, free-to-use tool for scanning your container images for package vulnerabilities. MicroScanner uses the same vulnerability database as Aqua’s best-in-class commercial scanner, so you’re getting top-notch results.

Using Aqua to Secure Applications on Pivotal Cloud Foundry

Many organizations use Pivotal Cloud Foundry (PCF), one of the world’s most powerful cloud-native platforms. PCF enables developers and operators to iterate rapidly, helps expand and launch new businesses fast, and delivers extraordinary user experiences to their customers.

Protecting Hybrid-Cloud Workloads? Lessons from ESG Survey

Today’s #1 Attack: Zero-day exploits of new and previously unknown vulnerability in apps and OSs

Container Security Top Challenges: Lack of adequate and disparate security tools, vulnerabilities in images, and the need for granular access-control between containers

eBPF Vulnerability (CVE-2017-16995): When the Doorman Becomes the Backdoor

Co-written by Nahman Khayet and Michael Cherny

eBPF Verifier Bypass Vulnerability

Around the last week of December a tweet by Bruce Leidl caught our eyes, since it said “Straight up unlimited R/W to all kernel memory”...

Do Containers Provide Better Protection Against Meltdown and Spectre?

About Meltdown and Spectre

Following the trend of ‘branding’ vulnerabilities, Meltdown and Spectre vulnerabilities (CVE-2017-5754, CVE-2017-5753, and CVE-2017-5715) are ‘brand’ names given to currently known variants of vulnerabilities of a similar nature, related to speculative execution. The general idea is …

How Aqua Scans Container Images On-Demand From The AWS Marketplace

Today we announced the availability of a new offering on AWS - our on-demand, pay-per-scan security scanner for container images is now available in the AWS Marketplace. The scanner is a full-featured version of Aqua's image scanning capabilities found in the Aqua Container Security Platform, but with a licensing …

Survey Reveals: Detecting Vulnerabilities in Images and Managing Secrets Are Top Focus

Last month at DockerCon Europe we learned that container adoption is rising to a whole new level with 24 billion container downloads and 77K% growth in Docker job listings. This is when Docker also announced that it now supports Kubernetes. Combine this with the recent news from The Cloud Native Computing …

Bugs Gone Wild: Container (Stack) Clash and CVE-2017-1000253

A “Stack Clash” is a vulnerability in the memory management of several operating systems, including Linux. It can be exploited by attackers to corrupt memory of a privileged process in order to execute arbitrary code.
