
Aqua Security Blog
Aqua Security blog gives expert insight, best practices, and advice on cloud-native security, trends, threat intelligence, and compliance. Aqua Security, the cloud-native security company, helps customers create applications that are secure by design, enabling agile DevOps and hybrid cloud deployment with no compromise on security or compliance.
8h ago
Businesses have been embracing cloud native technologies because of their elasticity and flexibility. They allow enterprises to quickly scale and develop applications that are built with services packaged in containers, deployed as microservices and managed on elastic infrastructure through agile DevOps processes and continuous delivery workflows. But with the opportunity that comes with cloud native, there exist questions around not only its security but also its value to the business.
1w ago
The digital transformation journey of many organizations heavily leans on cloud technologies. As they migrate to the cloud, adhering to stringent security protocols becomes paramount. Enter FedRAMP® (Federal Risk and Authorization Management Program). It's a government-wide initiative designed to provide a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services
2w ago
Exposed Kubernetes secrets pose a critical threat of supply chain attack. Aqua Nautilus researchers found that the exposed Kubernetes secrets of hundreds of organizations and open-source projects allow access to sensitive environments in the Software Development Life Cycle (SDLC) and open a severe supply chain attack threat. Among the companies were SAP’s Artifacts management system with over 95 million, two top blockchain companies, and various other Fortune 500 companies. These encoded Kubernetes configuration secrets were uploaded to public repositories. In this blog we explore the inheren…
3w ago
As winter winds swept across the US this month, an even colder wind swept through the offices of organizations everywhere, as the SEC brought charges against SolarWinds Corporation and its Chief Information Security Officer (CISO). With one simple indictment the lives of CISOs everywhere changed (even if they may not know it yet), as the consequences of this have started to raise what may become a redefinition of the CISO role
1M ago
Aqua Nautilus researchers evaluated the vulnerability disclosure process for tens of thousands of open-source projects and found flaws in the process. These flaws allowed harvesting the vulnerabilities before they were patched and announced. This could enable attackers to exploit security holes before the project's users are alerted.
1M ago
Early this summer we announced the release of Kubernetes Bills of Material (KBOM) as part of Trivy, our popular all-in-one open source security scanner. In the blog we discussed how KBOM is the manifest of all the important components that make up your Kubernetes cluster: control plane components, node components, and addons, including their versions and images.
1M ago
Researchers from Aqua Nautilus have successfully intercepted Kinsing's experimental incursions into cloud environments. Utilizing a rudimentary yet typical PHPUnit vulnerability exploit attack, a component of Kinsing's ongoing campaign, we have uncovered the threat actor's manual efforts to manipulate the Looney Tunables vulnerability (CVE-2023-4911). This marks the first documented instance of such an exploit, to the best of our knowledge. Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP…
1M ago
In honor of October, known as National Cyber Security Month, and more notably because today is Halloween, we thought we would have some fun with our blog and give you a tale of cyber security terror!
Deep within the cryptic corners of a cluttered server room, the fate of your business teeters on a tantalizing tightrope, subject to abrupt upheaval. In this dimly lit dungeon of the digital realm, a brand of horror exists that sends shivers down the spines of corporate entities, making server racks rattle in terror.
1M ago
Aqua Nautilus researchers have shed brighter light on a long-standing threat to SSH in the context of the cloud. More specifically, the threat actor harnessed our SSH server to be a slave proxy and pass traffic through it. In this blog, we will explain this threat, demonstrate how attackers exploit SSH, what actions they take upon gaining initial access, and the implications of these attacks on organizations and businesses
1M ago
In a world fraught with uncertainties, global companies must be prepared to ensure continuity of operations, particularly in the face of the unexpected. With locations in the US, Israel, Singapore, India, Australia and London, we understand the importance of robust business continuity planning. Following the brutal attack of Hamas terrorists on Israeli citizens early last week, we have taken steps to maintain our services and support our customers and partners without interruption.