https://www.aquasec.com/tag/supply-chain-attacks/ Cloud Native Security, Container Security & Serverless Security Mon, 29 Jul 2024 08:22:38 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 https://www.aquasec.com/blog/github-repos-expose-azure-and-red-hat-secrets/ Thu, 16 May 2024 12:00:48 +0000 https://www.aquasec.com/?p=19994 What happens when employees at some of the world’s largest organizations like Microsoft and RedHat use personal GitHub repos for their side projects? They can unknowingly expose corporate secrets and credentials opening the doors for a security incident. Unfortunately, this isn’t just a hypothetical situation.   In a recent study, we explained how we analyzed …]]> https://www.aquasec.com/blog/sec-vs-solarwinds-ciso/ Wed, 15 Nov 2023 11:57:34 +0000 https://www.aquasec.com/?p=14199 As winter winds swept across the US this month an even colder wind swept through offices of organizations everywhere, as the SEC brought charges against SolarWinds Corporation and its Chief Information Security Officer (CISO). With one simple indictment the lives of CISOs everywhere changed (even if they may not know it yet) as the consequences …]]> https://www.aquasec.com/blog/threat-alert-anatomy-of-silentbobs-cloud-attack/ Wed, 05 Jul 2023 11:01:13 +0000 https://www.aquasec.com/?p=14364 Aqua Nautilus researchers identified an infrastructure of a potentially massive campaign against cloud native environments. This infrastructure is in early stages of testing and deployment, and is mainly consistent of an aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, cloud credentials hijack, resource hijack and …]]> https://www.aquasec.com/blog/zero-day-attack-prevention-through-supply-chain-security/ Thu, 02 Mar 2023 14:46:13 +0000 https://www.aquasec.com/?p=14460 Supply chain security has made lots of headlines recently thanks to events like the SolarWinds breach. That and similar events highlight the importance of having a strategy in place to respond to zero-day attacks which can take advantage of vulnerable software components. I recently organized a webinar with and Teresa Pepper, our EMEA Partner Manager. …]]> https://www.aquasec.com/blog/supply-chain-security-shifting-left-to-the-golden-pipeline/ Wed, 11 Jan 2023 11:00:00 +0000 https://www.aquasec.com/?p=14493 According to an article in Security Magazine, 98% of organizations have been negatively impacted by a cybersecurity breach in their supply chain. Aqua’s 2021 Software Supply Chain Security Review notes that “attackers focused heavily on open source vulnerabilities and poisoning, code integrity issues, exploiting the software supply chain process and supplier trust to distribute malware …]]> https://www.aquasec.com/blog/private-packages-disclosed-via-timing-attack-on-npm/ Wed, 12 Oct 2022 08:30:00 +0000 https://www.aquasec.com/?p=14593 We at Aqua Nautilus have discovered that npm’s API allows threat actors to execute a timing attack that can detect whether private packages exist on the package manager. By creating a list of possible package names, threat actors can detect organizations’ scoped private packages and then masquerade public packages, tricking employees and users into downloading …]]> https://www.aquasec.com/blog/phishing-as-a-service-to-ramp-up-supply-chain-attacks/ Tue, 13 Sep 2022 09:00:00 +0000 https://www.aquasec.com/?p=14638 Threat actors are ramping up their game by deploying Phishing as a Service (PhaaS) to code and package managers (such as GitHub, PyPI, Ruby, NPM). This tactic circumvents Multi-Factor Authentication (MFA) mechanisms leading to session cookie hijacks and account takeovers. As we’ve learned in recent years, account takeovers of these applications lead to supply chain …]]> https://www.aquasec.com/blog/intro-to-fileless-malware-in-containers/ Thu, 11 Aug 2022 16:49:52 +0000 https://www.aquasec.com/?p=14664 A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is directly loaded into memory and executed, evading common defenses and static scanning. Often, attackers may also use compression or encryption to cloak the malware file to avoid detection. Since …]]> https://www.aquasec.com/blog/github-app-tokens/ Mon, 20 Jun 2022 09:30:00 +0000 https://www.aquasec.com/?p=14764 We learned about a bug in GitHub that for about five days at the end of February allowed third-party applications connected to GitHub to generate new scoped installation tokens with elevated permissions. For example, if you connected the Codecov app to your GitHub account with read-only access to your repositories, during that window the app …]]> https://www.aquasec.com/blog/cyber-attacks-data-science-tools/ Wed, 13 Apr 2022 10:00:00 +0000 https://www.aquasec.com/?p=14864 With the accelerated move to the cloud, organizations increasingly rely on large data teams to make data-driven business decisions. In their job, data professionals are given high privileges and access to development and production environments. But what are the security threats that target data tools? And, more importantly, are organizations prepared to deal with these …]]>