Deceptive Deprecation: The Truth About npm Deprecated Packages

Aqua Cloud Native Blog

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

SECURITY RESEARCH
Deceptive Deprecation: The Truth About npm Deprecated Packages
Threat Alert
Researchers at Aqua Nautilus found that 8.2% percent of the most downloaded npm packages are officially deprecated, but due to inconsistent practices in handling package dependencies, the real number is much larger, closer to 21.2%. Moreover, some package maintainers, when confronted with security flaws, deprecate their packages instead of reporting them, getting a CVE assigned …
Read more
SECURITY RESEARCH
Apache Applications Targeted by Stealthy Attacker
Threat Alert
Researchers at Aqua Nautilus have uncovered a new attack targeting Apache Hadoop and Flink applications. This attack is particularly intriguing due to the attacker’s use of packers and rootkits to conceal the malware. The simplicity with which these techniques are employed presents a significant challenge to traditional security defenses.
Read more
EXPERT INSIGHTS
2024 Cybersecurity Trends: AI, Cloud, and Threat Intelligence
As we begin this new year, we see the landscape of cybersecurity poised to witness a surge in AI-driven attacks, propelling the industry into a rapid cycle of innovation. Defenders are on a quest to develop advanced AI-based security measures, not just to detect and respond to threats in real-time, but to predict and thwart …
Read more
EXPERT INSIGHTS
The Evolving Landscape of Cloud Security: Our Predictions for 2024
In the ever-shifting realm of cybersecurity, where innovation and uncertainty intertwine, the year 2023 has been nothing short of chaos. As the dark underbelly of AI-powered threats surfaces, and court rulings redefine the consequences of security failures, the security industry stands at a pivotal juncture. CISOs face jail!
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Lasting Legacy of Log4j: Lessons for Runtime Security
Another December is upon us, stores are full of shoppers, lights are illuminating cities, towns and cul-de-sacs as radio stations bombard listeners with the continuous rotation of holiday music. Yet amongst all this merriment sits the IT security professional behind their screen completing their end of year tasks. Their eyes slowly twitch, and they fill …
Read more
FEDERAL
Navigating Container Security within the FedRAMP Guidelines
The digital transformation journey of many organizations heavily leans on cloud technologies. As they migrate to the cloud, adhering to stringent security protocols becomes paramount. Enter FedRAMP(R) (Federal Risk and Authorization Management Program). It’s a government-wide initiative designed to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.
Read more
SECURITY RESEARCH
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
Exposed Kubernetes secrets pose a critical threat of supply chain attack. Aqua Nautilus researchers found that the exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat. Among the companies were SAP’s Artifacts management system …
Read more
EXPERT INSIGHTS
SEC vs. SolarWinds: A Cybersecurity Game Changer for CISOs
As winter winds swept across the US this month an even colder wind swept through offices of organizations everywhere, as the SEC brought charges against SolarWinds Corporation and its Chief Information Security Officer (CISO). With one simple indictment the lives of CISOs everywhere changed (even if they may not know it yet) as the consequences …
Read more
CLOUD SECURITY, SOFTWARE SUPPLY CHAIN SECURITY
Combating Unknown Unknowns In Hybrid IT Environments
Recent years have seen a dramatic 1400% increase in unknown unknowns, zero-day and fileless attacks, representing one of the most serious threats in cybersecurity today. The financial services sector is especially vulnerable given its complex, hybrid cloud IT environments comprising both legacy systems and modern cloud native platforms.  Security teams operate with a false sense …
Read more
SECURITY RESEARCH
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures
Aqua Nautilus researchers evaluated the vulnerability disclosure process for tens of thousands of open-source projects and found flaws in the process. These flaws allowed harvesting the vulnerabilities before they were patched and announced. This could enable attackers to exploit security holes before the project’s users are alerted.
Read more
AQUA OPEN SOURCE
Scanning KBOM for Vulnerabilities with Trivy
Early this summer we announced the release of Kubernetes Bills of Material (KBOM) as part of Trivy, our all in one, popular open source security scanner. In the blog we discussed how KBOM is the manifest of all the important components that make up your Kubernetes cluster: Control plane components, Node Components, and Addons, including …
Read more
SECURITY RESEARCH
Looney Tunables Vulnerability Exploited by Kinsing
Threat Alert
Researchers from Aqua Nautilus have successfully intercepted Kinsing’s experimental incursions into cloud environments. Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack, a component of Kinsing’s ongoing campaign, we have uncovered the threat actor’s manual efforts to manipulate the Looney Tunables vulnerability (CVE-2023-4911). This marks the first documented instance of such an exploit, to the …
Read more
Page 2 of 32‹ Prev123456Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links