Aqua News

BOSTON— January 18, 2023—Aqua Security, the leading pure-play cloud native security provider, today announced that it has been named the Best Cloud Native Security Solution/Service in Techstrong Group’s DevOps Dozen Awards. Aqua was honored for its innovative Cloud Native Application Protection Platform (CNAPP) and influential commitment to the DevOps and security community. “The term ‘cloud-native …

CircleCI is assuming responsibility and taking steps to protect its customers, Assaf Morag, lead data analyst at cloud native security company Aqua Security, notes. But is important for customers to respond proactively to the security incident as well.  

Aqua researchers have found it surprisingly easy to upload malicious Visual Studio Code extensions to the VSCode Marketplace, and discovered signs of threat actors already exploiting this weakness. 

Aqua Security, in its own analysis of the bogus torchtriton module, said the package is almost 100% identical to its legitimate counterpart except for one crucial change that enables it to run a malicious binary called triton for harvesting the sensitive data.

Eilon Elhadad, Aqua’s Senior Director of Supply Chain, shared his predictions on software supply chain security.  

Itay Shakury, VP Open Source, conducted a Q&A sharing details on Trivy, the all-in-one, open source security scanner that helps teams incorporate security into their workflow.  

Eylam Milner, Aqua’s Senior Director of Software Supply Chain, contributed an article on how SBOM and automation will help better detect, prevent, and remediate security issues throughout the software development life cycle.

Eilon Elhadad, Aqua’s Senior Director of Supply Chain, contributed an article on the increase of software supply chain attacks and how bad actors are focusing on source code to generate weaknesses and open backdoors to critical applications.