Aqua News

BOSTON — April 12, 2022 — Aqua Security, the leading pure-play cloud native security provider, today announced that Aqua Security has been recognized as a Representative Vendor in Gartner Innovation Insight for Software Bill of Materials (SBOMs) Report under Commercial SBOM Tools for Argon.* To realize the full benefits of SBOM, Gartner recommends software engineering …

A recent study by Aqua Security‘s Team Nautilus found that 32% of the top 35 npm packages are at risk of account takeover because their dependencies’ owners haven’t properly employed two-factor authentication (2FA).

The crucial thing to keep in mind, however, is that “even if the current exploit needs [a] specific configuration, the vulnerability is still general enough and can be exploited in different ways,” said Manasi Prabhavalkar, a product manager on the vulnerability response team at Aqua Security, in an email to VentureBeat.

Aqua Security has announced the results of a study which reveals that UK organizations have a long road ahead when it comes to understanding, planning and deploying their cloud native security strategies.

March has been full of events for the cloud native community as many new vulnerabilities were discovered and the largest cloud native conference, KubeCon, unveiled its agenda. Discover everything you need to know about the notorious “Dirty Pipe” vulnerability and find out how CVE-2022-0811 in CRI-O can allow container escape. Software supply chain security is only becoming more important, so …

Aqua Security’s Team Nautilus recently discovered malware that has honed in on this popular data tool. While Jupyter Notebook allows users to share their content with trusted contacts, access to the app is secured through account credentials or tokens.

Other attackers have found ways to exploit the free tier of continuous integration, continuous deployment (CI/CD) pipeline services — such as Azure DevOps, BitBucket, CircleCI, GitHub, GitLab, and TravisCI — and string together the transient workloads into a cryptomining cloud service, according to cloud security firm Aqua Security.

The new sample was discovered by researchers at Aqua Security, after it was caught in one of its honeypots. The ransomware specifically targets Jupyter Notebooks, an open-source web app used by data professionals to work with data, write and execute code, and visualize the results.