SECURITY RESEARCH - Aqua Cloud Native Security, Container Security & Serverless Security
Mon, 15 Jul 2024 13:00:38 +0000

Kubernetes Exposed: Exploiting the Kubelet API
https://www.aquasec.com/blog/kubernetes-exposed-exploiting-the-kubelet-api/
Mon, 15 Jul 2024 05:58:43 +0000
The Kubelet API is a vital component in Kubernetes clusters that manages pods and their containers on each node. While it is not typically intended for direct user interaction, many DevOps teams may utilize the Kubelet API for debugging and direct node communication. However, exposing the Kubelet API to the public internet while enabling anonymous unauthenticated …

Phantom Secrets: Undetected Secrets Expose Major Corporations
https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/
Sun, 23 Jun 2024 14:22:10 +0000
For years, we’ve been educating developers not to hard-code secrets into their code. Now it turns out that even doing this once might permanently expose that secret, even after its apparent removal – and worse, most secrets scanning methods will miss it. Our research found that almost 18% of secrets might be overlooked. We uncovered …

Muhstik Malware Targets Message Queuing Services Applications
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Tue, 04 Jun 2024 16:39:29 +0000
Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform.
In this blog, we will explore how the attackers exploit the existing vulnerability …

Linguistic Lumberjack: Understanding CVE-2024-4323 in Fluent Bit
https://www.aquasec.com/blog/linguistic-lumberjack-understanding-cve-2024-4323-in-fluent-bit/
Fri, 24 May 2024 22:18:42 +0000
Linguistic Lumberjack is a new critical severity vulnerability (CVE-2024-4323) that affects Fluent Bit versions 2.0.7 through 3.0.3. The vulnerability involves a memory corruption error, potentially leading to denial of service, information disclosure, or remote code execution. Fluent Bit is a highly popular open-source data collector and processor designed for handling large volumes of log data …

Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
https://www.aquasec.com/blog/github-repos-expose-azure-and-red-hat-secrets/
Thu, 16 May 2024 12:00:48 +0000
What happens when employees at some of the world’s largest organizations like Microsoft and Red Hat use personal GitHub repos for their side projects? They can unknowingly expose corporate secrets and credentials, opening the doors for a security incident. Unfortunately, this isn’t just a hypothetical situation. In a recent study, we explained how we analyzed …

Lucifer DDoS botnet Malware is Targeting Apache Big-Data Stack
https://www.aquasec.com/blog/lucifer-ddos-botnet-malware-is-targeting-apache-big-data-stack/
Wed, 21 Feb 2024 07:58:29 +0000
Aqua Nautilus has unveiled a new campaign targeting the Apache big-data stack, specifically Apache Hadoop and Apache Druid.
Upon investigation, it was discovered that the attacker exploits existing misconfigurations and vulnerabilities within our Apache cloud honeypots to execute the attacks. The campaign employs a new variant of a well-known DDoS botnet that focuses on vulnerable Linux …

Snap Trap: The Hidden Dangers Within Ubuntu’s Package Suggestion System
https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
Wed, 14 Feb 2024 06:00:55 +0000
Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu’s command-not-found package and the snap package repository. While command-not-found serves as a convenient tool for suggesting installations for uninstalled commands, it can be inadvertently manipulated by attackers through the snap repository, leading to deceptive recommendations of malicious packages. Additionally, our …

Mitigating Leaky Vessels Vulnerabilities in runc, BuildKit and Moby with Aqua
https://www.aquasec.com/blog/mitigating-leaky-vessels-vulnerabilities-in-runc-buildkit-and-moby-with-aqua/
Thu, 01 Feb 2024 17:36:00 +0000
On January 31, 2024, researchers revealed the discovery of four severe security vulnerabilities in the container ecosystem. These vulnerabilities, affecting key components including runc, BuildKit, Moby (Docker Engine), and Docker Desktop, pose significant risks to the security and integrity of applications that use containerization applications.
The vulnerabilities become exploitable in scenarios where a user …

HeadCrab 2.0: Evolving Threat in Redis Malware Landscape
https://www.aquasec.com/blog/headcrab-2-0-evolving-threat-in-redis-malware-landscape/
Mon, 29 Jan 2024 12:04:58 +0000
At the beginning of 2023, Aqua Nautilus researchers uncovered HeadCrab – an advanced threat actor utilizing a state-of-the-art, custom-made malware that compromised 1,200 Redis servers. As you know, in the ever-evolving world of cybersecurity, threat actors continually adapt and refine their techniques. Recently, our researchers detected a new version of the HeadCrab malware targeting our …

The Gaps in Open Source Governance That Threaten the Software Supply Chain
https://www.aquasec.com/blog/the-gaps-in-open-source-governance-that-threaten-the-software-supply-chain/
Tue, 23 Jan 2024 10:56:37 +0000
The widespread issue of unmaintained and deprecated npm packages recently discovered by Aqua researchers affects more than a fifth of open source packages. Presenting yet another silent example of hidden threats to the software supply chain, it demonstrates how poor operational and structural integrity of dependencies can be just as risky as code vulnerabilities, while …