New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining
Aqua cybersecurity researchers have discovered a new variant of the Gafgyt botnet that’s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power.
Aqua Security Named a Representative Vendor in the 2024 Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP)
BOSTON, August 12, 2024 – Aqua Security, the pioneer in cloud native security, today announced that it has been named as a Representative Vendor in the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP). The new Gartner report examines the extensive CNAPP market and its growth potential, and it recognizes vendors as Representative Vendors. …
S3 shadow buckets leave AWS accounts open to compromise
Researchers from security firm Aqua Security identified six AWS services that were creating predictably named S3 buckets and that were vulnerable to the new hijacking technique. They presented their findings in a talk at the Black Hat USA security conference this week.
Aqua Security Unveils Traceeshark: Open Source Tool Combining Tracee’s Dynamic Analysis of Linux Malware with Wireshark
BOSTON—August 7, 2024—Aqua Security, the pioneer in cloud native security, today unveiled Traceeshark, an innovative plugin for Wireshark that enables security practitioners to quickly investigate security incidents. Traceeshark enhances the capabilities of Aqua Tracee, an open source runtime security and forensics tool for Linux, and empowers users to analyze kernel-level event and behavioral detection alongside …
Aqua Discovers Critical Vulnerabilities in 6 AWS Cloud Services
BOSTON—August 7, 2024—Aqua Security, the pioneer in cloud native security, today unveiled new research by its cyber research team, Nautilus, addressing critical vulnerabilities in six AWS services. The potential impacts include remote code execution (RCE), full-service user takeover which might provide powerful administrative access, manipulation of AI modules, exposing sensitive data, data exfiltration and denial …
Researchers unveil AWS vulnerabilities, ‘shadow resource’ vector
During a Black Hat USA 2024 session, Aqua Security researchers demonstrated how they discovered six cloud vulnerabilities in AWS services and a new attack vector.
Hackers Exploit Misconfigured Jupyter Notebooks with Repurposed Minecraft DDoS Tool
The activity, codenamed Panamorfi by cloud security firm Aqua, utilizes a Java-based tool called mineping to launch a TCP flood DDoS attack. Mineping is a DDoS package designed for Minecraft game servers.
Aqua Security Chosen by 10 of the top North American Banks for Cloud Native Application Protection
BOSTON—July 11, 2024 — Aqua Security, the pioneer in cloud native security, today announced that 10 of North America’s largest and most influential banks have chosen its cloud native application protection platform (CNAPP), the Aqua Platform, to prevent attacks in the software supply chain and stop attacks as they happen in real time in production. With Aqua, customers …
- Shadow Roles: AWS Defaults Can Open the Door to Service Takeover April 29, 2025
- From Prompt to Production: Runtime Protection for AI Workloads April 28, 2025
- What’s Really Happening in Your Containers? Aqua’s Risk Assessment Has the Answer April 23, 2025
- How to Secure Your Containers from TeamTNT’s Docker Gatling Gun Campaign April 14, 2025
- Aqua Security Achieves FedRAMP® High Authorization April 7, 2025
- Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks April 2, 2025
