SECURITY RESEARCH - Aqua Cloud Native Security, Container Security & Serverless Security
Mon, 12 Aug 2024 14:46:51 +0000

Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
https://www.aquasec.com/blog/bucket-monopoly-breaching-aws-accounts-through-shadow-resources/
Fri, 09 Aug 2024 19:13:35 +0000
During February 2024, we discovered critical vulnerabilities in six AWS services. The impact of these vulnerabilities ranges across remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing sensitive data, data exfiltration and denial of service. The affected services were: CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, CodeStar. These vulnerabilities …

TrailShark: Understanding AWS API and Service Interactions
https://www.aquasec.com/blog/trailshark-understanding-aws-api-and-service-interactions/
Fri, 09 Aug 2024 19:12:43 +0000
In this blog, we introduce TrailShark, a plugin that connects Wireshark with AWS CloudTrail logs. This open-source tool was developed as part of the “Bucket Monopoly” research, during which we identified six vulnerabilities in AWS by tracking service interactions and internal API calls. These vulnerabilities range from remote code execution (RCE) and full-service user takeover …

Panamorfi: A New Discord DDoS Campaign
https://www.aquasec.com/blog/panamorfi-a-new-discord-ddos-campaign/
Fri, 02 Aug 2024 13:25:45 +0000
Aqua Nautilus researchers uncovered a new Distributed Denial of Service (DDoS) campaign dubbed ‘Panamorfi’. Using mineping, a Minecraft DDoS package written in Java, the threat actor launches a DDoS. Thus far we’ve only seen it deployed via misconfigured Jupyter notebooks. In this blog we explain this attack, the techniques used by the threat …

Kubernetes Exposed: Exploiting the Kubelet API
https://www.aquasec.com/blog/kubernetes-exposed-exploiting-the-kubelet-api/
Mon, 15 Jul 2024 05:58:43 +0000
The Kubelet API is a vital component in Kubernetes clusters that manages pods and their containers on each node. While it is not typically intended for direct user interaction, many DevOps teams may utilize the Kubelet API for debugging and direct node communication. However, exposing the Kubelet API to the public internet while enabling anonymous unauthenticated …

Phantom Secrets: Undetected Secrets Expose Major Corporations
https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/
Sun, 23 Jun 2024 14:22:10 +0000
For years, we’ve been educating developers not to hard-code secrets into their code. Now it turns out that even doing this once might permanently expose that secret, even after its apparent removal, and worse, most secrets scanning methods will miss it. Our research found that almost 18% of secrets might be overlooked. We uncovered …

Muhstik Malware Targets Message Queuing Services Applications
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Tue, 04 Jun 2024 16:39:29 +0000
Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform. In this blog, we will explore how the attackers exploit the existing vulnerability …

Linguistic Lumberjack: Understanding CVE-2024-4323 in Fluent Bit
https://www.aquasec.com/blog/linguistic-lumberjack-understanding-cve-2024-4323-in-fluent-bit/
Fri, 24 May 2024 22:18:42 +0000
Linguistic Lumberjack is a new critical severity vulnerability (CVE-2024-4323) that affects Fluent Bit versions 2.0.7 through 3.0.3. The vulnerability involves a memory corruption error, potentially leading to denial of service, information disclosure, or remote code execution. Fluent Bit is a highly popular open-source data collector and processor designed for handling large volumes of log data …

Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
https://www.aquasec.com/blog/github-repos-expose-azure-and-red-hat-secrets/
Thu, 16 May 2024 12:00:48 +0000
What happens when employees at some of the world’s largest organizations like Microsoft and Red Hat use personal GitHub repos for their side projects? They can unknowingly expose corporate secrets and credentials, opening the doors for a security incident. Unfortunately, this isn’t just a hypothetical situation. In a recent study, we explained how we analyzed …

Lucifer DDoS botnet Malware is Targeting Apache Big-Data Stack
https://www.aquasec.com/blog/lucifer-ddos-botnet-malware-is-targeting-apache-big-data-stack/
Wed, 21 Feb 2024 07:58:29 +0000
Aqua Nautilus has unveiled a new campaign targeting the Apache big-data stack, specifically Apache Hadoop and Apache Druid. Upon investigation, it was discovered that the attacker exploits existing misconfigurations and vulnerabilities within our Apache cloud honeypots to execute the attacks. The campaign employs a new variant of a well-known DDoS botnet that focuses on vulnerable Linux …

Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System
https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
Wed, 14 Feb 2024 06:00:55 +0000
Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages. Additionally, our …