Shadow Roles: AWS Defaults Can Open the Door to Service Takeover

Aqua Nautilus Research Blog

Team Nautilus focuses on cybersecurity research of the cloud native st, missioned to uncover new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure.

Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
Security Threat
What if the biggest risk to your cloud environment wasn’t a misconfiguration you made, but one baked into the defaults? Our research uncovered security concerns in the deployment of resources within a few AWS services, specifically in the default AWS service roles. These roles, often created automatically or recommended during setup, grant overly broad permissions, …
Read more
Top Research Blogs
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
Security Threat
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources thumbnail
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
Security Threat
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks thumbnail
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Security Threat
perfctl: A Stealthy Malware Targeting Millions of Linux Servers thumbnail
Phantom Secrets: Undetected Secrets Expose Major Corporations
Security Threat
Phantom Secrets: Undetected Secrets Expose Major Corporations thumbnail
Can You Trust Your VSCode Extensions?
Can You Trust Your VSCode Extensions? thumbnail
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
Security Threat
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets thumbnail
SECURITY RESEARCH
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
News headlines reported that it took just 30 hours for attackers to exploit a newly discovered vulnerability in Apache Tomcat servers. But what does this mean for workloads relying on Tomcat? Aqua Nautilus researchers discovered a new attack campaign targeting Apache Tomcat. In this blog, we shed light on newly discovered malware that targets Tomcat …
Read more
SECURITY RESEARCH
Stopping Sobolan Malware with Aqua Runtime Protection  
Aqua Nautilus researchers have discovered a new attack campaign targeting interactive computing environments such as Jupyter Notebooks. The attack consists of multiple stages, beginning with the download of a compressed file from a remote server. Once executed, the attacker deploys several malicious tools to exploit the server and establish persistence. This campaign poses a significant …
Read more
Get Security Threat Alerts
SECURITY RESEARCH
OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines
Security Threat
Implementing Kubernetes securely can be a daunting task. Fortunately, there are tools in the K8s toolshed that provide out-of-the-box solutions using a single click. One such tools is OPA Gatekeeper. It is a great out-of-the-box security checkpoint to enforce security policies on Kubernetes. But are users using it correctly? Do they understand its limitations? Our …
Read more
SECURITY RESEARCH
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
Security Threat
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution.  We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.   
Read more
SECURITY RESEARCH
Matrix Unleashes A New Widespread DDoS Campaign
Security Threat
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals.   
Read more
SECURITY RESEARCH
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
Security Threat
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming …
Read more
SECURITY RESEARCH
TeamTNT’s Docker Gatling Gun Campaign
Security Threat
Long time no see, Aqua Nautilus researchers have identified a new campaign in the making by TeamTNT, a notorious hacking group. In this campaign, TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments. The group is currently targeting exposed Docker daemons to deploy Sliver malware, a …
Read more
SECURITY RESEARCH
AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
Security Threat
In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services.  The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account, …
Read more
SECURITY RESEARCH
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Security Threat
In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you have a Linux server connected to the internet, you could be at risk. In fact, …
Read more
SECURITY RESEARCH
CUPS: A Critical 9.9 Linux Vulnerability Reviewed
Security Threat
In the past couple of days there has been many troubling publications and discussions about a mysterious critical Linux vulnerability allowing remote code execution. While this headline is very alarming, after diving into details there are many preconditions that cool down the level of alertness. Aqua Security researchers have looked into the content that was …
Read more
SECURITY RESEARCH
Sink or Swim: Tackling 2024’s Record-Breaking Vulnerability Wave
28,821 — that’s the number of vulnerabilities reported last year alone. With over 28,000 CVEs this year so far, 2024 is on track to set an even more troubling record. As cloud native technologies have become the backbone of modern IT infrastructure, these staggering figures highlight a growing and urgent threat. In this blog, we’ll …
Read more
Page 1 of 1112345Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2025 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links