“Containers and cloud-native technologies allow for more efficient and scalable development, Chris Smith, Aqua CRO said, but they also increase the complexity of the environment, making it essential to have visibility and an “agent-based security approach” to identify and resolve any issues that may arise.”
Co-founder and CEO Dror Davidoff was featured by CRN. He shares in his insights: “For many customers, cloud security started by just getting visibility — to understand what they have in the cloud. I think there is a realization that it’s a good first step, but it’s certainly not enough.”
Research that cloud-security vendor Aqua Security recently conducted uncovered some 250 million software artifacts and more than 65,000 container images lying exposed and Internet-accessible in thousands of registries and repositories. Some 1,400 hosts allowed access to secrets, keys, passwords, and other sensitive data that an attacker could use to mount a supply chain attack, or […]
A new report from the Aqua Nautilus research team found 250 million artifacts and 65,600 container images were exposed, leaving five Fortune 500 companies, as well as “thousands of others”, at risk.
BOSTON—April 24, 2023—Aqua Security, the pioneer in cloud native security, today announced that its security research team, Aqua Nautilus, discovered 250 million artifacts and 65,600 container images that were exposed via thousands of misconfigured container images, Red Hat Quay registries, JFrog Artifactory and Sonatype Nexus artifact registries. Many contained highly confidential and sensitive proprietary code […]
Researchers at cybersecurity firm Aqua Security said they recorded and analyzed an attack on its Kubernetes honeypots that used the RBAC system to gain persistence.RBAC is a method of restricting network access based on the roles of individual users within an organization.
“The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack RBAC Buster, said it found 60 exposed K8s clusters that have been exploited by the threat actor behind this campaign.