Research that cloud-security vendor Aqua Security recently conducted uncovered some 250 million software artifacts and more than 65,000 container images lying exposed and Internet-accessible in thousands of registries and repositories. Some 1,400 hosts allowed access to secrets, keys, passwords, and other sensitive data that an attacker could use to mount a supply chain attack, or …
A new report from the Aqua Nautilus research team found 250 million artifacts and 65,600 container images were exposed, leaving five Fortune 500 companies, as well as “thousands of others”, at risk.
BOSTON—April 24, 2023—Aqua Security, the pioneer in cloud native security, today announced that its security research team, Aqua Nautilus, discovered 250 million artifacts and 65,600 container images that were exposed via thousands of misconfigured container images, Red Hat Quay registries, JFrog Artifactory and Sonatype Nexus artifact registries. Many contained highly confidential and sensitive proprietary code …
Researchers at cybersecurity firm Aqua Security said they recorded and analyzed an attack on its Kubernetes honeypots that used the RBAC system to gain persistence. RBAC is a method of restricting network access based on the roles of individual users within an organization.
“The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack RBAC Buster, said it found 60 exposed K8s clusters that have been exploited by the threat actor behind this campaign.
Aqua CTO and Co-founder Amir Jerbi contributed an article on the long-lasting ‘agentless vs. agent’ debate, noting that it is finally over and the result is in — if you want great cloud workload security, you need an agent.
Aqua Trivy brings the unique ability to perform the complete CIS Kubernetes benchmarks scan, including scans on the Kubernetes nodes themselves. Scans are performed automatically and result in detailed reports with recommendations for improving the architecture and workloads scanned, based on CIS Kubernetes Benchmarks. It also supports NSA and Pod Security Standards (PSS) compliance scans, …
Cloud native security provider Aqua Security has announced that the unified security scanner Aqua Trivy now provides full compliance scanning for CIS Kubernetes Benchmarks.