Supply Chain Attacks - Aqua
https://www.aquasec.com/tag/supply-chain-attacks/
Cloud Native Security, Container Security & Serverless Security
Feed last updated: Mon, 15 Jul 2024 11:12:35 +0000

Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
https://www.aquasec.com/blog/github-repos-expose-azure-and-red-hat-secrets/
Thu, 16 May 2024 12:00:48 +0000

What happens when employees at some of the world's largest organizations, like Microsoft and Red Hat, use personal GitHub repos for their side projects? They can unknowingly expose corporate secrets and credentials, opening the door to a security incident. Unfortunately, this isn't just a hypothetical situation. In a recent study, we explained how we analyzed …

SEC vs. SolarWinds: A Cybersecurity Game Changer for CISOs
https://www.aquasec.com/blog/sec-vs-solarwinds-ciso/
Wed, 15 Nov 2023 11:57:34 +0000

As winter winds swept across the US this month, an even colder wind swept through the offices of organizations everywhere, as the SEC brought charges against SolarWinds Corporation and its Chief Information Security Officer (CISO). With one civil complaint the lives of CISOs everywhere changed (even if they may not know it yet) as the consequences …

Threat Alert: Anatomy of Silentbob's Cloud Attack
https://www.aquasec.com/blog/threat-alert-anatomy-of-silentbobs-cloud-attack/
Wed, 05 Jul 2023 11:01:13 +0000

Aqua Nautilus researchers identified the infrastructure of a potentially massive campaign against cloud native environments. This infrastructure is in the early stages of testing and deployment, and consists mainly of an aggressive cloud worm designed to target exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, hijack cloud credentials, hijack compute resources and …

Zero-Day Attack Prevention Through Supply Chain Security
https://www.aquasec.com/blog/zero-day-attack-prevention-through-supply-chain-security/
Thu, 02 Mar 2023 14:46:13 +0000

Supply chain security has made lots of headlines recently thanks to events like the SolarWinds breach. That and similar events highlight the importance of having a strategy in place to respond to zero-day attacks, which can take advantage of vulnerable software components. I recently organized a webinar with and Teresa Pepper, our EMEA Partner Manager. …

Supply Chain Security: Shifting Left to the Golden Pipeline
https://www.aquasec.com/blog/supply-chain-security-shifting-left-to-the-golden-pipeline/
Wed, 11 Jan 2023 11:00:00 +0000

According to an article in Security Magazine, 98% of organizations have been negatively impacted by a cybersecurity breach in their supply chain. Aqua's 2021 Software Supply Chain Security Review notes that "attackers focused heavily on open source vulnerabilities and poisoning, code integrity issues, exploiting the software supply chain process and supplier trust to distribute malware …

Threat Alert: Private npm Packages Disclosed via Timing Attacks
https://www.aquasec.com/blog/private-packages-disclosed-via-timing-attack-on-npm/
Wed, 12 Oct 2022 08:30:00 +0000

We at Aqua Nautilus have discovered that npm's API allows threat actors to execute a timing attack that can detect whether private packages exist on the package manager. By creating a list of possible package names, threat actors can detect organizations' scoped private packages and then publish public packages that masquerade as them, tricking employees and users into downloading …

Threat Alert: Phishing as a Service to Ramp Up Supply Chain Attacks
https://www.aquasec.com/blog/phishing-as-a-service-to-ramp-up-supply-chain-attacks/
Tue, 13 Sep 2022 09:00:00 +0000

Threat actors are ramping up their game by deploying Phishing as a Service (PhaaS) against code and package managers (such as GitHub, PyPI, RubyGems and npm). This tactic circumvents Multi-Factor Authentication (MFA) mechanisms, leading to session cookie hijacks and account takeovers. As we've learned in recent years, account takeovers of these applications lead to supply chain …

Intro to Fileless Malware in Containers
https://www.aquasec.com/blog/intro-to-fileless-malware-in-containers/
Thu, 11 Aug 2022 16:49:52 +0000

A fileless attack is a technique that takes incremental steps toward gaining control of your environment while remaining undetected. In a fileless attack, the malware is loaded directly into memory and executed, evading common defenses and static scanning. Often, attackers also use compression or encryption to cloak the malware file to avoid detection. Since …

GitHub Bug Allowed Third-Party Apps to Gain Elevated Permissions
https://www.aquasec.com/blog/github-app-tokens/
Mon, 20 Jun 2022 09:30:00 +0000

We learned about a bug in GitHub that, for about five days at the end of February, allowed third-party applications connected to GitHub to generate new scoped installation tokens with elevated permissions. For example, if you connected the Codecov app to your GitHub account with read-only access to your repositories, during that window the app …

Real-world Cyber Attacks Targeting Data Science Tools
https://www.aquasec.com/blog/cyber-attacks-data-science-tools/
Wed, 13 Apr 2022 10:00:00 +0000

With the accelerated move to the cloud, organizations increasingly rely on large data teams to make data-driven business decisions. In their job, data professionals are given high privileges and access to development and production environments. But what are the security threats that target data tools? And, more importantly, are organizations prepared to deal with these …
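The Silentbob threat alert above describes a worm that targets exposed JupyterLab and Docker APIs. The following Python script is an added example, not Aqua's code or tooling: it audits the two configuration files that most often create that exposure. For Docker it reads daemon.json and flags any tcp:// listener bound to a non-loopback address unless tlsverify (client-certificate verification) is enabled; note that tls alone only encrypts the socket and still accepts any client. For Jupyter it parses jupyter_server_config.py style assignments and flags a server bound to a non-loopback address with token auth disabled and no password. The sample configuration texts are constructed for this example.

```python
import ast
import json
import re
from urllib.parse import urlparse

# Constructed sample inputs (assumed layouts, not captured from a real host).
SAMPLE_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
    "tls": False,
})
SAMPLE_JUPYTER_CONFIG = """\
c = get_config()
c.ServerApp.ip = '0.0.0.0'
c.ServerApp.port = 8888
c.ServerApp.token = ''
c.ServerApp.open_browser = False
"""

# Bind addresses that are reachable only from the host itself.
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def audit_docker_daemon(daemon_json_text):
    """Return findings for Docker API listeners reachable over TCP without client auth."""
    cfg = json.loads(daemon_json_text)
    findings = []
    for host in cfg.get("hosts", []):
        u = urlparse(host)
        if u.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not network reachable
        bind = u.hostname or "0.0.0.0"  # "tcp://:2375" binds all interfaces
        if bind in LOOPBACK:
            continue
        # "tls": true without "tlsverify": true serves TLS but does not verify clients.
        if not cfg.get("tlsverify", False):
            findings.append(
                f"Docker API on {host} is reachable without client-certificate "
                f"verification (tlsverify is not set)"
            )
    return findings


# Matches lines like: c.ServerApp.token = ''  (ServerApp is JupyterLab 3+, NotebookApp is older)
JUPYTER_RE = re.compile(r"^\s*c\.(?:ServerApp|NotebookApp)\.(\w+)\s*=\s*(.+?)\s*$")


def audit_jupyter_config(config_text):
    """Return findings for a Jupyter server exposed on the network with no authentication."""
    settings = {}
    for line in config_text.splitlines():
        m = JUPYTER_RE.match(line)
        if not m:
            continue
        try:
            settings[m.group(1)] = ast.literal_eval(m.group(2))
        except (ValueError, SyntaxError):
            settings[m.group(1)] = m.group(2)  # keep non-literal expressions as text
    findings = []
    ip = settings.get("ip", "localhost")  # Jupyter's default bind address
    # token = '' disables token auth; an empty/absent password means no password auth either.
    if ip not in LOOPBACK and settings.get("token") == "" and not settings.get("password"):
        findings.append(
            f"Jupyter listens on {ip} with token auth disabled and no password set"
        )
    return findings


def audit_all(daemon_json_text, jupyter_config_text):
    return audit_docker_daemon(daemon_json_text) + audit_jupyter_config(jupyter_config_text)


if __name__ == "__main__":
    for finding in audit_all(SAMPLE_DAEMON_JSON, SAMPLE_JUPYTER_CONFIG):
        print("FINDING:", finding)
```

Run it against /etc/docker/daemon.json and the Jupyter config of each data-science image you ship; a listener that passes this check can still be exposed by a host firewall rule or a Kubernetes Service, so treat a clean result as necessary, not sufficient.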
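The npm timing-attack alert above ends with the attacker publishing public packages that masquerade as an organization's private scoped packages. The defender's counterpart is to make sure nothing under the private scope is ever fetched from the public registry. The Python below is an added example, not code from Aqua or from npm: it walks a package-lock.json (lockfileVersion 2/3 "packages" layout), reports every package under the private scope whose resolved URL is not on the private registry, and emits the .npmrc line that pins the scope to that registry. The scope @acme, the registry npm.internal.example and the lockfile contents are all assumed and constructed for this example.

```python
import json
from urllib.parse import urlparse

# Assumed organization scope and private registry (placeholders for this example).
PRIVATE_SCOPE = "@acme"
PRIVATE_REGISTRY = "https://npm.internal.example/"

# Constructed sample package-lock.json (lockfileVersion 3 layout), not a real project's lockfile.
SAMPLE_LOCKFILE = json.dumps({
    "name": "billing-service",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "billing-service", "version": "0.1.0"},
        "node_modules/@acme/auth-client": {
            "version": "2.4.1",
            "resolved": "https://npm.internal.example/@acme/auth-client/-/auth-client-2.4.1.tgz",
        },
        "node_modules/@acme/billing-utils": {
            "version": "1.0.0",
            # Same scope, but resolved from the public registry: the confusion case.
            "resolved": "https://registry.npmjs.org/@acme/billing-utils/-/billing-utils-1.0.0.tgz",
        },
        "node_modules/@acme/feature-flags": {
            "version": "0.3.0",
            # No resolved URL recorded, so origin cannot be verified from the lockfile.
        },
        "node_modules/lodash": {
            "version": "4.17.21",
            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
        },
    },
})


def package_name(lock_key):
    """Map a lockfile key such as 'node_modules/a/node_modules/@s/b' to the package name '@s/b'."""
    return lock_key.split("node_modules/")[-1]


def audit_lockfile(lock_text, scope=PRIVATE_SCOPE, private_registry=PRIVATE_REGISTRY):
    """Return (name, version, reason) for scoped packages not resolved from the private registry."""
    lock = json.loads(lock_text)
    private_host = urlparse(private_registry).netloc
    findings = []
    for key, meta in lock.get("packages", {}).items():
        if not key:
            continue  # "" is the root project entry
        name = package_name(key)
        if not name.startswith(scope + "/"):
            continue
        resolved = meta.get("resolved")
        if resolved is None:
            findings.append((name, meta.get("version"), "no resolved URL recorded"))
            continue
        host = urlparse(resolved).netloc
        if host != private_host:
            findings.append((name, meta.get("version"), f"resolved from {host}"))
    return findings


def npmrc_pin(scope=PRIVATE_SCOPE, private_registry=PRIVATE_REGISTRY):
    """The .npmrc line that routes every install under the scope to the private registry."""
    return f"{scope}:registry={private_registry}"


if __name__ == "__main__":
    for name, version, reason in audit_lockfile(SAMPLE_LOCKFILE):
        print(f"FINDING: {name}@{version}: {reason}")
    print("pin with:", npmrc_pin())
```

Run the audit in CI against the committed lockfile; a scoped package without a resolved URL is reported too, because the lockfile then gives no evidence of where it came from. The .npmrc pin is the preventive control: once the scope is routed to the private registry, a look-alike public package with the same name is never consulted.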
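The fileless-malware entry above notes that the payload is loaded straight into memory and executed, so static scanning of the filesystem never sees it. On Linux the usual in-memory loaders leave traces in /proc that a detector can read: an executable mapping backed by a memfd (shown as /memfd:name (deleted) in /proc/<pid>/maps), an executable mapping of a file that was unlinked after exec, or an anonymous rwx region. The Python below is an added example written for this page, not Aqua's code or tooling; it parses maps lines and classifies those three patterns, with a constructed sample maps listing so it runs offline, plus a scan_host helper that applies the same check to every process on a live Linux host.

```python
import os
import re
from dataclasses import dataclass

# Constructed /proc/<pid>/maps lines, assembled for this example (not captured from a real host).
SAMPLE_MAPS = """\
55d0b2a00000-55d0b2a1f000 r-xp 00000000 08:01 654321   /usr/bin/python3.10
7f2a1c000000-7f2a1c021000 r-xp 00000000 00:05 12345    /memfd:stage2 (deleted)
7f2a1c021000-7f2a1c02f000 r--p 00021000 00:05 12345    /memfd:stage2 (deleted)
7f2a1c800000-7f2a1c9a0000 r-xp 00000000 08:01 1234     /usr/lib/x86_64-linux-gnu/libc.so.6
7f2a1cb00000-7f2a1cb10000 r-xp 00000000 08:01 99999    /tmp/.cache/.x (deleted)
7f2a1cc00000-7f2a1cc10000 rwxp 00000000 00:00 0
7ffd1a000000-7ffd1a021000 rw-p 00000000 00:00 0        [stack]
"""

# Layout of a maps line: address range, perms, offset, dev, inode, optional path.
MAPS_RE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+(?P<perms>[rwxps-]{4})\s+"
    r"(?P<offset>[0-9a-f]+)\s+(?P<dev>\S+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)


@dataclass(frozen=True)
class Finding:
    start: str
    perms: str
    path: str
    reason: str


def scan_maps(maps_text):
    """Classify executable mappings that have no on-disk backing a file scanner could inspect."""
    findings = []
    for line in maps_text.splitlines():
        m = MAPS_RE.match(line)
        if not m:
            continue
        perms, path, inode = m["perms"], m["path"].strip(), m["inode"]
        if "x" not in perms:
            continue  # only executable regions matter here
        if path.startswith("/memfd:"):
            reason = "executable memfd mapping"
        elif path.endswith("(deleted)"):
            reason = "executable mapping of a deleted file"
        elif "w" in perms and inode == "0" and not path.startswith("["):
            reason = "anonymous rwx mapping"  # writable and executable, no file behind it
        else:
            continue
        findings.append(Finding(m["start"], perms, path, reason))
    return findings


def exe_is_fileless(exe_link_target):
    """True when the /proc/<pid>/exe symlink points at a memfd or an unlinked file."""
    return exe_link_target.startswith("/memfd:") or exe_link_target.endswith("(deleted)")


def scan_host(proc="/proc"):
    """Apply scan_maps and exe_is_fileless to every readable process; returns {pid: findings}."""
    results = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/maps") as f:
                findings = scan_maps(f.read())
            exe = os.readlink(f"{proc}/{pid}/exe")
            if exe_is_fileless(exe):
                findings.append(Finding("-", "exe", exe, "process image is fileless"))
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue  # process exited or we lack privileges to inspect it
        if findings:
            results[pid] = findings
    return results


if __name__ == "__main__":
    for f in scan_maps(SAMPLE_MAPS):
        print(f"{f.start} {f.perms} {f.path!r}: {f.reason}")
```

Inside a container the same check works against the container's own /proc, or from the host against the container's processes, since they share the host kernel. Expect benign hits from JIT runtimes (anonymous rwx regions) and from binaries updated while running (deleted mappings); the memfd case is the one that should be rare enough to page on.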