TeamTNT Pwn Campaign Against Docker and K8s Environments

Aqua Cloud Native Blog

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

SECURITY RESEARCH
TeamTNT Pwn Campaign Against Docker and K8s Environments
Threat Alert
Last week, TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Docker Hub, the attackers are targeting misconfigured docker daemons, Kubeflow dashboards, and Weave Scope, exploiting these environments in order to steal cloud credentials, open backdoors, mine cryptocurrency, and launch a worm that is …
Read more
Uncategorized
Acting on Cloud Native Security Data with Splunk
With no shortage of attacks targeting the cloud native stack, having a holistic view of your environment is paramount to contain and mitigate the attack, as well as to perform forensic analysis after the fact. In order to provide you with deeper insights into malicious and suspicious activity in your cloud native environment, we joined …
Read more
AQUA OPEN SOURCE
Automating Configuration Auditing with Starboard Operator By Aqua
Back in November 2020, we introduced the Starboard Operator, which automates vulnerability scanning in a Kubernetes environment. We’re now pleased to announce the latest release (release v0.9) which adds configuration auditing using Polaris. This means that the Operator can automatically check for weaknesses in the way your Kubernetes workloads are configured, as well as scan …
Read more
SECURITY RESEARCH
CVE-2021-3156 sudo Vulnerability Allows Root Privileges
A new severe vulnerability was found in Unix and Linux operating systems that allows an unprivileged user to exploit this vulnerability using sudo, causing a heap overflow to elevate privileges to root without authentication, or even get listed in the sudoers file. In this blog, I’ll go over how this CVE can be exploited, what …
Read more
CLOUD SECURITY
The Essential Guide to CSPM: Improve Your Cloud Security Posture
With 175 different services available on AWS alone, many enterprises are struggling to protect their large and increasingly complex cloud environments. To operate efficiently at scale, you need to continuously find and fix security issues across your entire cloud infrastructure. That’s where the concept of Cloud Security Posture Management (CSPM) comes into play.
Read more
CONTAINER SECURITY
Boosting Container Security with Rootless Containers
If there is a single best practice for container security, it is to avoid running containers as root. Rootless containers are making this much easier – almost effortless, even. In this blog, I’ll talk about why you should be avoiding root in containers, what rootless containers are, and how they are going to help.
Read more
Uncategorized
Infographic: What is CSPM and Why You Need It
As a major trend in 2020, enterprises have been increasingly adopting multi-cloud to elevate efficiency and maintain flexibility and independence. But multi-cloud environments are more complex and harder to secure, leading to more cloud service misconfigurations and breaches. Making matters worse, many organizations still believe that their cloud provider will protect them, but the truth …
Read more
SECURITY RESEARCH
Aqua’s Top Five Threat Alerts for 2020
It has certainly been a rough year and just as life constantly evolves, so do cyber threats. So, here are a few blogs by our cyber security research group, Team Nautilus, that got the most attention from cloud native security professionals. These blogs highlight how attackers continue to get more creative over time, as we …
Read more
AQUA OPEN SOURCE, SECURITY RESEARCH
CVE-2020-15275: New Vulnerability Exploits containerd-shim API
A year of challenges isn’t quite over yet, as a new vulnerability was found in containerd, CVE-2020-15257. When exploited, after providing a connection through the container to the host network, an attacker can gain root privileges on the host. This vulnerability was disclosed by Jeff Dileo of NCC Group, our investigation by Team Nautilus is …
Read more
KUBERNETES SECURITY
Unveiling Aqua Vulnerability Database, Strengthen Your K8s Clusters
Published sources of vulnerabilities in cloud native environments are an important resource, but the information is often spread out across a variety of platforms. Since 80% of cloud native software is based on open source, this makes getting the most relevant and up-to-date vulnerability information a real challenge. Our new Aqua Vulnerability Database (AVD) consolidates …
Read more
KUBERNETES SECURITY
Evaluating and Enforcing Least Privilege in Kubernetes with Aqua KSPM
Overly permissive defaults associated with roles and K8s subjects, such as service accounts, add risks to the attack surface of Kubernetes. And attempting to manually understand these risks and enforce least privilege rights in a Kubernetes environment is time-consuming and prone to human error. With the introduction of Kubernetes Security Posture Management (KSPM), we’ve now …
Read more
SECURITY RESEARCH
Threat Alert: Fileless Malware Executing in Containers
Security Threat
Our cyber research team detected a new type of attack that executes and runs malware straight from memory in containers, thus evading common defenses and static scanning. This malware is using a rootkit to hide its running processes, then hijacks resources by executing a crypto miner from memory — leaving a backdoor that enables attackers …
Read more
Page 21 of 33‹ Prev171819202122232425Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links