VULNERABILITY MANAGEMENT - Aqua Cloud Native Security, Container Security & Serverless Security
Sun, 14 Jul 2024 08:00:36 +0000

Muhstik Malware Targets Message Queuing Services Applications
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Tue, 04 Jun 2024 16:39:29 +0000
Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform. In this blog, we will explore how the attackers exploit the existing vulnerability …

Find the New OpenSSL Vulnerabilities with Trivy
https://www.aquasec.com/blog/find-new-openssl-vulnerabilities-with-trivy/
Tue, 01 Nov 2022 18:21:44 +0000
Today, OpenSSL announced two new CVEs and mitigation recommendations. This blog provides guidance as to how you can identify the OpenSSL vulnerability using Trivy. To both identify and mitigate the vulnerability, see this blog post Updated Security Advisory: New OpenSSL Vulnerabilities about mitigation with assurance policies in Aqua’s software supply chain solution. Package installed via …

Risk-Based Vulnerability Management in Container Images
https://www.aquasec.com/blog/container-vulnerability-management/
Tue, 14 Jul 2020 12:26:26 +0000
There’s an overwhelming number of vulnerabilities in container images – and the security of your deployments is probably suffering because of it. No matter the size of your organization, it’s a significant challenge to identify the biggest risks to your business and know what to tackle first. Merely classifying and filtering CVEs by the highest …

Pluggable Image Vulnerability Scanners for Harbor
https://www.aquasec.com/blog/container-image-vulnerability-scanner-harbor/
Wed, 18 Dec 2019 13:53:51 +0000
Harbor is an open source cloud native artifact registry, sponsored by the CNCF, that you can use as a repository for your container images. Harbor provides support for vulnerability scanning of images to make sure they are safe to deploy. We’ve been working with the Harbor team to extend its capabilities with support for pluggable …

Cloud Native Security Best Practices: Vulnerability Management
https://www.aquasec.com/blog/container-vulnerability-management-best-practices/
Thu, 12 Dec 2019 14:35:37 +0000
After four years of securing cloud native applications, our team at Aqua has learned a thing or two about applying best practices in the real world. We’ve seen many organizations succeed in establishing a sound process and tooling to achieve their security goals, and we’ve also seen those who struggle to prioritize and manage their …

Vulnerabilities in the Container Ecosystem: A Brief History
https://www.aquasec.com/blog/container-security-vulnerabilities/
Tue, 30 Apr 2019 13:29:10 +0000
Now that containers have been around for a few years and have had their share of disclosed vulnerabilities, it’s time to revisit some of the more interesting ones and see if there’s a recurring theme or any underlying trend to highlight. We found some of the more severe CVEs disclosed during 2017-2019 that affected the …

Streamline Image Vulnerability Management for OpenShift Image Streams
https://www.aquasec.com/blog/image-vulnerability-scanning-openshift-image-streams/
Thu, 25 Oct 2018 11:06:00 +0000
In traditional cloud native environments, actions such as building and deploying applications will usually involve working directly with images hosted in one or more registries. Customers wishing to track changes in those images, in order to identify security and compliance issues, would need to set up an automatic process of constantly scanning them by connecting …

Using Aqua to Secure Applications on Pivotal Cloud Foundry
https://www.aquasec.com/blog/using-aqua-to-secure-applications-on-pivotal-cloud-foundry/
Sun, 11 Mar 2018 08:24:25 +0000
Many organizations use Pivotal Cloud FoundryⓇ (PCF), one of the world’s most powerful cloud native platforms. PCF enables developers and operators to iterate rapidly, and help expand and launch new businesses fast, as well as deliver extraordinary user experiences to their customers. A little background on PCF vernacular Before we dive into the Aqua Security …

Improve DevOps Processes: Multiple Security Policies Applied to Images
https://www.aquasec.com/blog/applying-multiple-security-policies-to-images-in-your-pipeline-to-improve-speed-and-efficiency/
Mon, 22 Jan 2018 12:46:28 +0000
When it comes to securing containerized applications, the first item on everyone’s agenda is to ensure that only trusted images are running in your environment, based on security and compliance policies. And for good reason too. This is by far the most effective preventive measure you can take to protect your applications. If you don’t …

Grafeas and Image Vulnerability Scanning
https://www.aquasec.com/blog/grafeas-and-image-vulnerability-scanning/
Mon, 18 Dec 2017 12:48:26 +0000
A couple of months ago Aqua Security were part of a group of companies supporting the launch of Grafeas, an open source API initially introduced by Google that allows users to manage and query metadata about software artifacts. At KubeCon I did a joint presentation with Puppet’s Gareth Rushgrove entitled “Kubernetes, metadata and you” which …