Aqua News

By codifying guidelines for each category, Aqua Security and CIS aim to establish industry-wide best practices and recommendations for mitigating open-source software risks, and to support new standards including supply-chain levels for software artifacts (SLSA) and the update framework (TUF).

Developed through collaboration between the two organizations, the CIS Software Supply Chain Security Guide provides more than 100 foundational recommendations that can be applied across a variety of commonly used technologies and platforms.

BOSTON— June 22, 2022 — Aqua Security, the leading pure-play cloud native security provider, and the Center for Internet Security (CIS), an independent, nonprofit organization with a mission to create confidence in the connected world, today released the industry’s first formal guidelines for software supply chain security. Developed through collaboration between the two organizations, the …

With SaaS in Singapore, Aqua says its customers in government, banking, financial services as well as other regulated sectors can use the service for comprehensive cloud native security, compliance and risk management.

According to Aqua, operating SaaS products in Singapore means that customers in governments, banks, financial services, and other regulated sectors will have comprehensive cloud-native security, compliance, and risk management services in the region.

In a blog post Aqua security researchers Yakir Kadkoda, Ilay Goldman, Assaf Morag, and Ofek Itach said they had found tens of thousands of user tokens were accessible through the Travis CI API, which provides a way to fetch clear-text log files.

Singapore — June 14, 2022 — Aqua Security, the leading pure-play cloud native security provider, today announced the general availability (GA) of cloud native security SaaS in Singapore, serving the broader APJ region. Customers can immediately take advantage of the data sovereignty, platform security and flexibility provided by the SaaS service to prevent cloud native …

These access keys and credentials are linked to popular cloud service providers, including GitHub, AWS, and Docker Hub,” Aqua Security said. “Attackers can use this sensitive data to initiate massive cyberattacks and to move laterally in the cloud. Anyone who has ever used Travis CI is potentially exposed, so we recommend rotating your keys immediately.