Aqua News

Aqua Security Surfaces Threat to Container Hosts

July 16, 2020

Aqua Security this week reported a new type of cyberattack that exploits Docker application programming interfaces (APIs) to build and run a malicious container image on the host. Asaf Morag, lead data analyst for Aqua Security, says this approach enables cybercriminals to end-run static analysis tools that only discover malicious code prior to it being deployed […]

Read more

Attackers find new way to exploit Docker APIs

July 15, 2020

Attacks against container infrastructure have evolved, according to new research by Aqua Security. While the exploitation of misconfigured Docker APIs is nothing new, threat actors are now building and running malicious container images on the vulnerable host. Aqua’s cyber security researchers, the Nautilus Team, published a blog on Wednesday detailing a new type of attack against Docker container infrastructure. “The attacker […]

Read more

Cloud Native Security

What ‘Security’ Means for Open Source Software

June 23, 2020

If you’re a hacker, attacking open source software is also very attractive. “If I’m an attacker and I know that tens of thousands of organizations use, for example, MySQL, then writing an exploit that will attempt to break into MySQL based on a known vulnerability is much more likely to succeed statistically, because it’s being […]

Read more

Cloud Native Security

Kubernetes Starboard Project Offers Security Scanning from Kubectl

June 15, 2020

The basic idea behind the new open source Kubernetes security toolkit Starboard is so simple, says Aqua Security vice president of open source engineering Liz Rice, that once you see it, it just makes sense. “When you see vulnerability information right there next to the status information for an application, it’s one of those ideas that you […]

Read more

ITOps Times Open-Source Project of the Week: Starboard

June 12, 2020

This week’s selected open-source project of the week is a Kubernetes toolkit from Aqua Security called Starboard. Starboard integrates Kubernetes tools into the Kubernetes experience in order to provide a unified security experience. “What if all the Kubernetes security tools spoke the same language that everyone knows and understands? Similar to the standardized and well-known […]

Read more

SDX Central

Hackers Cryptojack Microsoft Azure ML Clusters

June 12, 2020

These kinds of attacks against container runtime environments aren’t new, said Tsvi Korren, field CTO at Aqua Security, in an email. “The fact that these environments blindly accept commands to pull (download) and run any publicly available image is giving a great incentive to attackers, because once they find an opening they can run basically […]

Read more

Managing the Security of Cloud-Native Architectures

June 10, 2020

Container storage and data management company Portworx has conducted its annual Container Adoption Survey every year since 2016. 2019’s report, which was jointly conducted with Aqua, “… tells a story of unabated growth in containerization with over 87% of respondents stating that they are running container technologies up from only 55% in 2017. Of those running applications in […]

Read more

How Misconfigured Containers May Create Cybersecurity Issues for Companies

June 10, 2020

One example of attack as a result of a misconfigured container took place when hackers exploited a misconfigured Docker API port to execute an Ubuntu container with the kinsing malware, which then runs a crypto miner and spreads the malware to other containers and hosts. The attack was discovered by security firm Aqua Security, the attack […]

Read more