Aqua
https://www.aquasec.com/
Cloud Native Security, Container Security & Serverless Security
Last updated: Mon, 12 Aug 2024 14:46:51 +0000

Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/
Fri, 09 Aug 2024 19:13:35 +0000
During February 2024, we discovered critical vulnerabilities in six AWS services. The impact of these vulnerabilities ranges between remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing sensitive data, data exfiltration and denial of service. The affected services were: CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, CodeStar. These vulnerabilities …

TrailShark: Understanding AWS API and Service Interactions
https://www.aquasec.com/blog/trailshark-understanding-aws-api-and-service-interactions/
Fri, 09 Aug 2024 19:12:43 +0000
In this blog, we introduce TrailShark, a plugin that connects Wireshark with AWS CloudTrail logs. This open-source tool was developed as part of the “Bucket Monopoly” research, during which we identified six vulnerabilities in AWS by tracking service interactions and internal API calls. These vulnerabilities range from remote code execution (RCE) and full-service user takeover …

Go deeper: Linux runtime visibility meets Wireshark
https://www.aquasec.com/blog/go-deeper-linux-runtime-visibility-meets-wireshark/
Wed, 07 Aug 2024 15:57:42 +0000
Aqua Tracee is an open source runtime security and forensics tool for Linux, built to address common Linux security issues. Tracee’s main use case is to be installed in a production environment, where it continuously monitors system activity and detects suspicious behavior. Some alternative use cases which Tracee can be used for are dynamic malware analysis, …

Panamorfi: A New Discord DDoS Campaign
https://www.aquasec.com/blog/panamorfi-a-new-discord-ddos-campaign/
Fri, 02 Aug 2024 13:25:45 +0000
Aqua Nautilus researchers uncovered a new Distributed Denial of Service (DDoS) campaign dubbed ‘Panamorfi’. Utilizing mineping, a Minecraft DDoS package written in Java, the threat actor launches a DDoS. Thus far we’ve only seen it deployed via misconfigured Jupyter notebooks. In this blog we explain this attack, the techniques used by the threat …

Kubernetes History: How It Conquered Cloud Native Orchestration
https://www.aquasec.com/blog/kubernetes-history-how-it-conquered-cloud-native-orchestration/
Thu, 25 Jul 2024 04:13:34 +0000
Did you know that Kubernetes originally had no built-in features for managing user permissions, or that support for storing data persistently didn’t appear until Kubernetes was four years old? If not, you might enjoy a dive into the history of Kubernetes on the tenth anniversary of the open source container orchestration system. This article highlights …

Kubernetes Exposed: Exploiting the Kubelet API
https://www.aquasec.com/blog/kubernetes-exposed-exploiting-the-kubelet-api/
Mon, 15 Jul 2024 05:58:43 +0000
The Kubelet API is a vital component in Kubernetes clusters that manages pods and their containers on each node. While it is not typically intended for direct user interaction, many DevOps teams may utilize the Kubelet API for debugging and direct node communication. However, exposing the Kubelet API to the public internet while enabling anonymous unauthenticated …

Compliance to Implementation: Exploring DORA and NIS 2 Frameworks
https://www.aquasec.com/blog/compliance-to-implementation-exploring-dora-and-nis-2-frameworks/
Wed, 10 Jul 2024 15:01:49 +0000
The importance of cybersecurity and operational resilience in the financial sector has never been more pronounced. The European Union (EU) has been at the forefront of addressing these critical issues, enacting comprehensive legislation to safeguard the digital infrastructure and ensure the continuity of financial services. Two pivotal pieces of legislation in this domain are the …

Phantom Secrets: Undetected Secrets Expose Major Corporations
https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/
Sun, 23 Jun 2024 14:22:10 +0000
For years, we’ve been educating developers not to hard-code secrets into their code. Now it turns out that even doing this once might permanently expose that secret, even after its apparent removal – and worse, most secrets scanning methods will miss it. Our research found that almost 18% of secrets might be overlooked. We uncovered …

Catch Me If You Can: Uncovering Malicious Threats in Container Images
https://www.aquasec.com/blog/catch-me-if-you-can-uncovering-malicious-behavior-in-container-images/
Tue, 18 Jun 2024 20:09:59 +0000
What do Frank Abagnale Jr., the notorious con artist from “Catch Me If You Can”, the Golden Snitch from “Harry Potter,” and the Higgs boson from physics have in common? They’re all extremely difficult to catch. Whether it’s outsmarting the FBI, eluding a Quidditch player, or taking physicists almost 50 years to discover, each represents …

Understanding the Importance of Runtime Security in Cloud Native Environments
https://www.aquasec.com/blog/understanding-the-importance-of-runtime-security-in-cloud-native-environments/
Mon, 17 Jun 2024 12:46:23 +0000
Gartner has estimated that “90% of global organizations will be running containerized applications in production by 2026—up from 40% in 2021.” The inherent benefits of cloud native application development enable developers to introduce new code into the environment at an accelerated rate. However, the dynamic nature of these environments amplifies the risks associated with runtime …