Aqua News

Other attackers have found ways to exploit the free tier of continuous integration, continuous deployment (CI/CD) pipeline services — such as Azure DevOps, BitBucket, CircleCI, GitHub, GitLab, and TravisCI — and string together the transient workloads into a cryptomining cloud service, according to cloud security firm Aqua Security.

The new sample was discovered by researchers at Aqua Security, after it was caught in one of its honeypots. The ransomware specifically targets Jupyter Notebooks, an open-source web app used by data professionals to work with data, write and execute code, and visualize the results.

In this Q&A, Itay Shakury, Aqua Security’s Director of Open Source, discusses cloud trends, Kubernetes security, hiring for InfoSec jobs, and everything in between.

Around a third of respondents say between half and three quarters of their apps are cloud native, yet 20 percent have no cloud native security strategy in place  Nearly half (44 percent) rely on ‘free’ offerings from their cloud providers  Less than a third of respondents consider cloud misconfiguration to be their biggest cyber security …

“The tech community is getting faster at fixing discovered security issues for a variety of reasons, including advancing DevOps and CI/CD technological advancements, adopting bug bounty programs into the mainstream, embracing open source platforms’ security issue tracking, and Project Zero making an impact,” said Eylam Milner, director, Argon Technology with Aqua Security.

“[The hack] highlights the need for secure development processes, SAST and DAST scans, secret scans, etc. It is also a good reminder that organizations should treat their code as if it were open source, and if their code is exposed, then minimal damage will occur,” according to Yakir Kadkoda, Lead Security Researcher at Aqua Security.

BOSTON — March 24, 2022 — Aqua Security, the leading pure-play cloud native security provider, today announced it has released the industry’s most robust set of cloud native security icons. Available in the Aquasec GitHub repository and The Noun Project, the library of more than 200 free icons is part of an effort to standardize …

VentureBeat chose 10 of the current security unicorns to highlight. Criteria is that they’re reporting strong growth; they’re in a fast-growing market; and that the editor had the chance to interview their CEO or president in recent months, giving him a sense of their strategy, differentiators and traction with customers.