CircleCI is assuming responsibility and taking steps to protect its customers, Assaf Morag, lead data analyst at cloud native security company Aqua Security, notes. But it is important for customers to respond proactively to the security incident as well.
Aqua researchers have found it surprisingly easy to upload malicious Visual Studio Code extensions to the VSCode Marketplace, and discovered signs of threat actors already exploiting this weakness.
Aqua Security, in its own analysis of the bogus torchtriton module, said the package is almost 100% identical to its legitimate counterpart except for one crucial change that enables it to run a malicious binary called triton for harvesting the sensitive data.
Eilon Elhadad, Aqua’s Senior Director of Supply Chain, shared his predictions on software supply chain security.
Itay Shakury, VP Open Source, conducted a Q&A sharing details on Trivy, the all-in-one, open source security scanner that helps teams incorporate security into their workflow.
Eylam Milner, Aqua’s Senior Director of Software Supply Chain, contributed an article on how SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.
Eilon Elhadad, Aqua’s Senior Director of Supply Chain, contributed an article on the increase of software supply chain attacks and how bad actors are focusing on source code to generate weaknesses and open backdoors to critical applications.
Eilon Elhadad, Aqua’s Senior Director of Supply Chain, contributed an article on software supply chain risks and the critical actions the industry needs to take to remedy the issue.