The Russia-Ukraine Cyber Attacks: A CISO’s Advice

Aqua Cloud Native Blog

Expert insight, best practices and advice on cloud native security, trends, threat intelligence and compliance.

Uncategorized
The Russia-Ukraine Cyber Attacks: A CISO’s Advice
The devastating events in Ukraine have already affected millions of lives and organizations, with profound consequences extending far beyond the region. As the conflict continues to unfold, companies in the US and around the world are facing the growing risk of aggressive Russian cyberattacks. In the face of these threats, CISOs and CIOs must ramp …
Read more
KUBERNETES SECURITY
Privilege Escalation from Node/Proxy Rights in Kubernetes RBAC
One of the side effects of Kubernetes’ rich API and extensive functionality is that sometimes there are security implications to granting users permissions. Security architects should be aware of these side effects when designing platforms that use Kubernetes. In recent research with Iain Smart of NCC Group, we looked at how granting rights to node/proxy …
Read more
AQUA OPEN SOURCE, COMPANY & CULTURE
Empowering Developers to Succeed: How and Why I Joined Aqua
For the past few years, I’ve been dedicating my career to helping developers improve their skills and discover useful tools and communities. As the industry is moving from customer-driven to community-focused development, Aqua is embracing this shift. I’m excited to take on the role of Aqua’s developer advocate to foster its fantastic open source community …
Read more
Uncategorized
Adopting Zero Trust in Kubernetes: The Fundamentals
In late January, the White House published a memo that lays the groundwork for creating a zero-trust architecture for federal agencies. With renewed attention from the US government, zero-trust networking is an area that many organizations are focusing on to improve their security posture. With that focus, it makes sense to understand where these principles …
Read more
AQUA OPEN SOURCE
Securing GitHub Actions with Trivy and Cosign
One of the advantages of automated CI/CD pipelines is that they’re a great place to implement regular security controls and checks. Using GitHub Actions, it’s easy to improve the security of your containers by automating vulnerability scanning and digital signing of container images on a regular basis. In this post, we’ll go over how to …
Read more
Uncategorized
Identify Security Risks in AWS CloudFormation Templates with Trivy
Aqua Security’s open source project Trivy now includes scanning of AWS CloudFormation templates to help developers better identify and remediate security issues within infrastructure as code (IaC) templates. Building on the technology and rule sets behind our popular open source project tfsec, Trivy now allows developers to evaluate AWS CloudFormation code, either locally or within …
Read more
EXPERT INSIGHTS
Why Agent vs Agentless is a False Choice
There are important decisions to be made across the entire journey to implementing a cloud native security strategy, from initial visibility to automation of prevention and response. This blog post will guide you through the implementation decisions across that journey, from initial, frictionless API based visibility to agents with deeper visibility and protection. Every team …
Read more
EXPERT INSIGHTS
Winning with Cloud Native Security: Joe Sexton on Why He Joined Aqua’s BOD
I’m thrilled to be joining the Aqua board of directors to drive the company’s aggressive growth and help enterprises all over the world accelerate their cloud journeys with a security-first mindset. Cloud native security is on a fast track to become a massive, important market, and I see Aqua as its clear winner. Leaving the …
Read more
KUBERNETES SECURITY
RBAC Virtual Verbs: Teaching Kubernetes to Educate Dolphins
Kubernetes’ role-based access control (RBAC) system is a cornerstone of cluster security. Most clusters use RBAC to determine which users have access to specific operations, and its core elements are well covered in the Kubernetes documentation. However, there are some less well-known features that could be relevant when creating or using tools designed to ensure …
Read more
SOFTWARE SUPPLY CHAIN SECURITY
Software Supply Chain Attacks: 2021 in Review
As CI/CD pipelines have become an increasingly popular attack vector, 2021 saw a huge rise in software supply chain attacks. With their number more than tripling in the past year, securing the software delivery process is one of the most urgent needs. In our latest study, we examine the top supply chain security threats that …
Read more
SECURITY RESEARCH
CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes
Last week, a new high-severity CVE was released that affects the Linux kernel. This vulnerability provides an opportunity for an attacker who has access to a system as an unprivileged user to escalate those rights to root. To do this, the attacker must have a specific Linux capability, CAP_SYS_ADMIN, which reduces the risk of breakout …
Read more
SECURITY RESEARCH
The Nightmare Before Christmas: Looking Back at Log4j Vulnerabilities
Last month, a zero-day vulnerability in the extremely popular Log4j logging framework overwhelmed the security community during the already busy end-of-year rush. Just keeping up with Log4j news and updates has been no easy task, let alone fixing the multiple vulnerabilities discovered almost daily. Organizations worked hard to apply patches for the original zero-day vulnerability, …
Read more
Page 13 of 33‹ Prev91011121314151617Next ›
Need to secure enterprise workloads?
Aqua Cloud Native Application Protection Platform (CNAPP)
Go cloud native with the experts!
Get Demo
Aqua Security stops cloud native attacks across the application lifecycle. As the pioneer in cloud native security, Aqua helps customers reduce risk while building the future of their businesses. The Aqua Platform is the industry's most integrated Cloud Native Application Protection Platform (CNAPP), protecting the application lifecycle from code to cloud and back. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL with Fortune 1000 customers in over 40 countries.
Read Aqua Security reviews on G2

Use Cases

Environments

Partners

Resources

About Us

Get in Touch

Products

Get Started
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use | Cookie Settings |  
Accessibility Tools
Normal text size Medium text size Large text size
Normal display Black & White display High contrast display
Stop transitions and animations Underline Links