Aqua News

Attacks against container infrastructure have evolved, according to new research by Aqua Security. While the exploitation of misconfigured Docker APIs is nothing new, threat actors are now building and running malicious container images on the vulnerable host. Aqua’s cyber security researchers, the Nautilus Team, published a blog on Wednesday detailing a new type of attack against Docker container infrastructure. “The attacker …

If you’re a hacker, attacking open source software is also very attractive. “If I’m an attacker and I know that tens of thousands of organizations use, for example, MySQL, then writing an exploit that will attempt to break into MySQL based on a known vulnerability is much more likely to succeed statistically, because it’s being …

The basic idea behind the new open source Kubernetes security toolkit Starboard is so simple, says Aqua Security vice president of open source engineering Liz Rice, that once you see it, it just makes sense. “When you see vulnerability information right there next to the status information for an application, it’s one of those ideas that you …

This week’s selected open-source project of the week is a Kubernetes toolkit from Aqua Security called Starboard. Starboard integrates Kubernetes tools into the Kubernetes experience in order to provide a unified security experience. “What if all the Kubernetes security tools spoke the same language that everyone knows and understands? Similar to the standardized and well-known …

These kinds of attacks against container runtime environments aren’t new, said Tsvi Korren, field CTO at Aqua Security, in an email. “The fact that these environments blindly accept commands to pull (download) and run any publicly available image is giving a great incentive to attackers, because once they find an opening they can run basically …

Container storage and data management company Portworx has conducted its annual Container Adoption Survey every year since 2016. 2019’s report, which was jointly conducted with Aqua, “… tells a story of unabated growth in containerization with over 87% of respondents stating that they are running container technologies up from only 55% in 2017. Of those running applications in …

One example of attack as a result of a misconfigured container took place when hackers exploited a misconfigured Docker API port to execute an Ubuntu container with the kinsing malware, which then runs a crypto miner and spreads the malware to other containers and hosts. The attack was discovered by security firm Aqua Security, the attack …

Josh and Kurt talk to Liz Rice from Aqua Security about container security and her new book on the same topic. What does container security look like today? What are some things you can do now? What will container security look like in the future?