Threat Alert: Attack Vector Uses Containers to Methodically Target Cloud Resources

Aqua Cloud Native Blog

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

SECURITY RESEARCH
Threat Alert: Attack Vector Uses Containers to Methodically Target Cloud Resources
The Aqua Research team has identified a new attack vector that points to an evolution in attacks’ techniques and capabilities. In these attacks, the attackers leverage containers as an entry point to discover and spread to other resources used within cloud accounts. The attackers deployed a clean Ubuntu container, mounted the host file system, which …
Read more
Uncategorized
Using Kubernetes Admission Controller for Image Assurance
With cloud native technologies quickly evolving and with their high adoption rate, security practices are falling behind, are not being fully applied, and in some cases, applied too late. As a result, customers pay a high, albeit avoidable price. Aqua Cloud Native Security Platform uniquely addresses these challenges and in this blog we will discuss …
Read more
Uncategorized
What You Need to Know About AWS Lambda Functions Risk Mitigation
With serverless functions architecture gaining in popularity, it is also becoming clear that the architecture is not without its security drawbacks. Overly permissive permissions, vulnerability in the functions’ code, and embedded secrets could all be exploited. Despite being event-triggered and ephemeral by nature, serverless functions can still be subject to unauthorized activity such as event …
Read more
Uncategorized
Cloud Native Best Practices: Security Policies in CI/CD Pipelines
With the continual leftward shifting movement of traditional DevOps responsibilities, organizations can now detect security issues earlier in the software development lifecycle (SDLC). Using CI/CD tools such as Jenkins, GoCD, or Bamboo, organizations can continually develop, test, and ship applications. As containers are becoming the architecture of choice for cloud native applications development, developers are …
Read more
SECURITY RESEARCH
Threat Alert: Exploiting Open Docker Daemons for DDoS Attacks
Threat Alert
Aqua’s research team continuously investigates and analyzes the anatomy of new attacks in the wild. Recently, we identified attacks that exploited misconfigured open Docker daemons, where attackers were actively using this attack vector to hijack environments in order to launch targeted DDoS attacks. Each of the attacks were carried out using a botnet of containers, …
Read more
CLOUD SECURITY
Announcing General Availability of CloudSploit by Aqua for GCP
Aqua Security announced the general availability of CloudSploit by Aqua for Google Cloud Platform (GCP). This release comes after an extended beta program, during which we worked closely with our customers to develop and deliver a robust set of out-of-the-box policies for GCP. This release also includes a Center for Internet Security (CIS) benchmark certification …
Read more
Uncategorized
A Brief History of Containers: From the 1970s Till Now
When we first published this blog post in 2017, the technology landscape for containers was quite different than it is today. Over the past few years, we have seen significant changes take place that have affected, and continue to affect how Containers are adopted. Read on to understand the changes and developments we saw and …
Read more
AQUA OPEN SOURCE
A Deep Dive into eBPF: The Technology that Powers Tracee
Tracee, by Aqua Security, is an open source, lightweight, and easy to use container and system tracing utility. Tracee allows you to trace events that were generated within containers only, without needing to filter out other system processes.
Read more
VULNERABILITY MANAGEMENT
Pluggable Image Vulnerability Scanners for Harbor
Harbor is an open source cloud native artifact registry, sponsored by the CNCF, that you can use as a repository for your container images. Harbor provides support for vulnerability scanning of images to make sure they are safe to deploy. We’ve been working with the Harbor team to extend its capabilities with support for pluggable …
Read more
VULNERABILITY MANAGEMENT
Cloud Native Security Best Practices: Vulnerability Management
After four years of securing cloud native applications, our team at Aqua has learned a thing or two about applying best practices in the real world. We’ve seen many organizations succeed in establishing a sound process and tooling to achieve their security goals, and we’ve also seen those who struggle to prioritize and manage their …
Read more
Uncategorized
Aqua Integrates with AWS Security Hub: Closing the Gap on Cloud Native Security
The AWS Security Hub SecOps tool provides a comprehensive view of security and compliance alerts across various AWS accounts.  Security findings are collected and summarized on integrated dashboards, allowing security professionals to continuously monitor their environment using automated compliance checks. The Aqua Cloud Native Security Platform collects security insights that are unique to the development, …
Read more
AQUA OPEN SOURCE
DevSecOps with Trivy and GitHub Actions
The premise of DevSecOps is that in the Software Development Life Cycle (SDLC), each member is responsible for security. This unifies the operations and development teams in terms of security operations. DevSecOps’ goal is to add security to each step of the development process by integrating security controls and processes as early as possible in …
Read more
Page 25 of 33‹ Prev212223242526272829Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links