Over 35M devices subjected to widespread Matrix DDoS campaign
Despite primarily leveraging the Mirai botnet to facilitate its DDoS intrusions, Matrix has also exploited known Apache HugeGraph and Arcadyan firmware flaws and the SSH and Telnet administrative protocols, while utilizing Discord bots to enable encrypted DDoS command execution, according to a report from Aqua Security’s Nautilus threat research team.
Aqua Security uncovers massive denial-of-service campaign targeting 35M devices
A new report released today from Aqua Security Software Ltd.’s Nautilus research team details a massive distributed denial-of-service campaign by a threat actor called Matrix.
Vulnerable Jupyter Servers Targeted for Sports Piracy
Aqua Security believes that Jupyter solutions are typically used for data science by individuals who may lack awareness of common misconfigurations that can leave servers vulnerable to hackers.
Aqua Security Listed in OWASP’s LLM and Generative AI Security Solutions Landscape Guide for 2025
BOSTON, Nov 18, 2024 – Aqua Security, the pioneer in cloud native security, today announced that it is listed as a recommended solution in the Open Web Application Security Project (OWASP) LLM and Generative AI Security Solutions Landscape Guide 2025. Solutions on the list were selected for their ability to empower organizations to develop LLM …
Why Software Secrets Need Ghostbusting
Aqua Nautilus research suggests that as many as 18% of “software secrets” are inadvertently exposed and not being discovered proactively, meaning there could be more undiscovered out there.
AWS’s Predictable Bucket Names Make Accounts Easier to Crack
“A key takeaway for open source projects that rely on AWS is to ensure they don’t use predictable bucket names,” says Yakir Kadkoda, lead security researcher with Aqua. “They should provide an option for users to modify the bucket name that the open source project creates for its operation or implement a check on the …
AWS Cloud Development Kit flaw exposed accounts to full takeover
Bug hunters at Aqua spotted the CDK issue on June 27, according to the firm’s security researchers Ofek Itach and Yakir Kadkoda. About two weeks later, the cloud giant patched the flaw with CDK version v2.149.0.
Aqua Security Awarded Best Cloud Native Product at Cloud Excellence Awards 2024
London – October 14, 2024 – Aqua Security, the pioneer in cloud native security, today announced its Cloud Native Security Platform has been named Best Cloud Native Product at the Computing Cloud Excellence Awards 2024. The Computing Cloud Excellence Awards recognise the best of the UK’s cloud computing industry, highlighting the most innovative and compelling …
- Shadow Roles: AWS Defaults Can Open the Door to Service Takeover April 29, 2025
- From Prompt to Production: Runtime Protection for AI Workloads April 28, 2025
- What’s Really Happening in Your Containers? Aqua’s Risk Assessment Has the Answer April 23, 2025
- How to Secure Your Containers from TeamTNT’s Docker Gatling Gun Campaign April 14, 2025
- Aqua Security Achieves FedRAMP® High Authorization April 7, 2025
- Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks April 2, 2025
