Threat Alert: Phishing as a Service to Ramp Up Supply Chain Attacks

Aqua Nautilus Research Blog

Nautilus focuses on cybersecurity research of the cloud native stack, missioned to uncover new vulnerabilities, threats and attacks that target containers, Kubernetes, serverless, and public cloud infrastructure.

SECURITY RESEARCH

Threat Alert: Phishing as a Service to Ramp Up Supply Chain Attacks

Threat actors are ramping up their game by deploying Phishing as a Service (PhaaS) to code and package managers (such as GitHub, PyPI, Ruby, NPM). This tactic circumvents Multi-Factor Authentication (MFA) mechanisms leading to session cookie hijacks and account takeovers. As we’ve learned in recent years, account takeovers of these applications lead to supply chain …

SECURITY RESEARCH

Detecting Drovorub’s File Operations Hooking with Tracee

Two years ago, the NSA (the United States’ National Security Agency) revealed that Drovorub, an advanced Russian malware created by the GRU 85th GTsSS team, had been discovered targeting Linux systems. Drovorub works by introducing advanced techniques which can manipulate the Linux operation system. It has an advanced kernel rootkit that hooks several kernel functions. In …

SECURITY RESEARCH

Threat Alert: Cloud Network Bandwidth Now Stolen through Cryptojacking

Threat actors are looking to increase their financial gain and thus deploy cryptominers which are considered easy to use and lucrative. Cryptomining involves complex calculations leading to high computation power and consequently increased CPU consumption and electricity (or cloud) bill. Aqua Nautilus found a new type of cryptomining attack in the wild. As far as …

SECURITY RESEARCH

Detecting and Capturing Kernel Modules with Tracee and eBPF

Security practitioners often need to investigate malicious artifacts in their environments, which can be challenging if those are deleted or loaded from memory. This is increasingly the case as threat actors are weaponizing Linux kernel modules to perform and hide their attacks. In this blog, we look into kernel modules and explain why they can …

SECURITY RESEARCH

CVE-2022-32223 Discovery: DLL Hijacking via npm CLI

Aqua Team Nautilus recently discovered that all Node.js versions earlier than 16.16.0 (LTS) and 14.20.0 on Windows are vulnerable to dynamic link library (DLL) hijacking if OpenSSL is installed on the host. Attackers can exploit this vulnerability to escalate their privileges and establish persistence in a target environment. The vulnerability can also provide another way …

SECURITY RESEARCH

8220 Gang Deploys a New Campaign with Upgraded Techniques

A recent campaign by the 8220 gang, who have been known to exploit the newly discovered critical Confluence vulnerability (CVE-2022-26134), targeted one of our honeypots. This campaign has evolved over time to deliberately target containers. In this game of cat and mouse, the threat actors used some new techniques, refurbishing the scripts from one attack …

SECURITY RESEARCH

GitHub Bug Allowed Third-Party Apps to Gain Elevated Permissions

We learned about a bug in GitHub that for about five days at the end of February allowed third-party applications connected to GitHub to generate new scoped installation tokens with elevated permissions. For example, if you connected the Codecov app to your GitHub account with read-only access to your repositories, during that window the app …

SECURITY RESEARCH

Public Travis CI Logs (Still) Expose Users to Cyber Attacks

In our latest research, we at Team Nautilus found that tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs. More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with …

SECURITY RESEARCH

Detecting and Analyzing an Apache Struts Exploit with Tracee

When running third-party applications in your cloud environments, you inherently put your workloads at greater risk. This is especially the case when the third-party software exposes some API function to the public web. Apache Struts 2 is a popular open source cross-platform web application framework, used by many developers in their day-to-day work. Recently, we …

SECURITY RESEARCH

Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?

Aqua’s Team Nautilus found a logical flaw in npm that allows threat actors to masquerade a malicious package as legitimate and trick unsuspecting developers into installing it. Up until recently, npm allowed adding anyone as a maintainer of the package without notifying these users or getting their consent. Since you could assign poisoned packages under …

SECURITY RESEARCH

Hunting Rootkits with eBPF: Detecting Linux Syscall Hooking Using Tracee

Today, cloud native platforms are increasingly using eBPF-based security technology. It enables the monitoring and analysis of applications’ runtime behavior by creating safe hooks for tracing internal functions and capturing important data for forensic purposes. Tracee is an open source runtime security and forensics tool for Linux that is powered by eBPF and is more …

SECURITY RESEARCH

2022 Cloud Native Threat Report: Key Trends in Cyber Attacks

As companies continue to adopt cloud native technologies at a rapid pace, an increasing number of cyber threats are targeting the cloud native environment. To defend against these threats, security practitioners must stay abreast of attackers’ evolving tactics, techniques, and procedures. For its 2022 Cloud Native Threat report, Aqua’s Team Nautilus analyzed attacks that were …

Page 6 of 11‹ Prev 2 3 4 567 8 9 10 Next ›

Need to secure enterprise workloads?

Aqua Cloud Native Application Protection Platform (CNAPP)

Go cloud native with the experts!

Get Demo

Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn’t slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world’s largest enterprises.

Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Products

Get Started

Copyright © 2025 Aqua Security Software Ltd. Privacy Policy | Terms of Use | Cookie Policy | |