Threat Alert: Supply Chain Attacks Using Container Images

Aqua Cloud Native Blog \ Tags: Container Security

SECURITY RESEARCH
Threat Alert: Supply Chain Attacks Using Container Images
Team Nautilus, Aqua Security’s threat research team, has uncovered several supply chain attacks that use malicious container images to compromise their victim. These five container images were found on Docker Hub, which we scan daily for signs of malicious activity. The images hijack organizations’ resources to mine cryptocurrency and can be used as part of …
Read more
Uncategorized
How Forum Engineering Secures its AI Solution with Aqua
Digital transformation is fundamentally changing how organizations compete and engage with customers, even redefining traditional labor-intensive industries. A great example of this is Forum Engineering, a staffing company from Japan, which developed an AI-based Software-as-a-Service solution to stay ahead of the competition. The challenges of securing this innovative offering required a platform that can protect …
Read more
CONTAINER SECURITY
How Do Containers Contain? Container Isolation Techniques
If you work with containers long enough, you already know that containers should not be considered as security boundaries. In this blog, we’ll explore how different container isolation techniques intend to provide a solution to this problem, and whether their strengths and weaknesses make them a practical choice.
Read more
CONTAINER SECURITY
Container Isolation: Is a Container a Security Boundary?
One of the fundamental questions in container security, since the early days of Docker, is whether a container constitutes a security boundary. In this first part of a two-blog discussion of containers and isolation, we take a look at the security boundary question, along with key examples. Part II will continue with the nuances of …
Read more
RUNTIME SECURITY
Detect and Prevent Exploits in Runtime with Vulnerability Shielding
A single vulnerability in one of the code dependencies can put an entire application at risk, yet 48% of organizations knowingly push vulnerable code into production regularly. With a heavy reliance on open source software to build applications, patching a myriad of vulnerabilities has become an extremely hard and time-consuming task. It’s not always possible, …
Read more
Uncategorized
Top 22 Docker Security Best Practices: Ultimate Guide
While Docker has become synonymous with containers, various container tools and platforms have emerged to make the process of developing and running containers more efficient. Still, a lot of the same principles around Docker security apply for protecting container-based applications built with other tools as well. We compiled 20 essential Docker security best practices into …
Read more
Uncategorized
What’s New in the Docker and Kubernetes CIS Benchmarks
One of the challenges with container security and its standards is keeping current with new releases and products. New versions of the Docker and Kubernetes CIS Benchmarks were released recently to capture changes in the new versions of those projects, both to keep things current and to expand coverage to help people keep their environments …
Read more
SECURITY RESEARCH
Cloud Native Threat Report: How Quickly Will You Be Attacked?
The cloud native threat landscape is evolving fast, with 50% of vulnerable targets getting attacked within only one hour. While adversaries are constantly advancing their techniques to craft more sophisticated and targeted attacks, organizations are leaving themselves exposed. Aqua’s 2021 Cloud Native Threat Report analyzes attacks observed in the wild and identifies major trends in …
Read more
Uncategorized
The Challenges of Uniquely Identifying Your Images
One of the challenges of container security is ensuring that the image you’re getting is exactly what you expect it to be. Both from a security and consistency perspective, it’s important to ensure there are no surprises in what you’re downloading. Docker image tags, whilst convenient, can’t always be relied on to point to a …
Read more
SECURITY RESEARCH
JDWP Misconfiguration in Container Images and K8s
Java Debug Wire Protocol (JDWP) is a great way to remotely debug applications during development. However, if enabled when shipped to production, hackers can exploit this mistake by running an arbitrary code that allows initial access or privilege escalation in your production environment. Using Aqua’s Dynamic Threat Analysis (DTA) scanner, we at Team Nautilus detected …
Read more
SECURITY RESEARCH
Threat Alert: Monero Miners Target Cloud Native Dev Environments
In September 2020, Aqua’s Team Nautilus detected a campaign that targeted the automated build processes of GitHub and Docker Hub. At that time we notified the affected services and they blocked the attack. Now, this campaign has resurfaced with vengeance. In just four days, the attackers set up 92 malicious Docker Hub registries and 92 …
Read more
Uncategorized
Cloud Native Forensics: Challenges and Best Practices
As no individual, business, or government is immune from being the victim of the next large-scale cyberattack, organizations need capabilities to help identify, contain, and investigate what seems like an inevitable incident. By performing forensic analysis, you can gain and leverage valuable insights to take the right steps to contain and mitigate the attack while …
Read more
Page 3 of 8‹ Prev12345678Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security stops cloud native attacks across the application lifecycle and is the only company with a $1M Cloud Native Protection Warranty to guarantee it. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links