Aqua
https://www.aquasec.com/
Cloud Native Security, Container Security & Serverless Security
Mon, 15 Jul 2024 13:00:38 +0000

Kubernetes Exposed: Exploiting the Kubelet API
https://www.aquasec.com/blog/kubernetes-exposed-exploiting-the-kubelet-api/
Mon, 15 Jul 2024 05:58:43 +0000
Kubelet API is a vital component in Kubernetes clusters that manages pods and their containers on each node. While it is not typically intended for direct user interaction, many DevOps teams may utilize the Kubelet API for debugging and direct node communication. However, exposing the Kubelet API to the public internet while enabling anonymous unauthenticated …

Compliance to Implementation: Exploring DORA and NIS 2 Frameworks
https://www.aquasec.com/blog/compliance-to-implementation-exploring-dora-and-nis-2-frameworks/
Wed, 10 Jul 2024 15:01:49 +0000
The importance of cybersecurity and operational resilience in the financial sector has never been more pronounced. The European Union (EU) has been at the forefront of addressing these critical issues, enacting comprehensive legislations to safeguard the digital infrastructure and ensure the continuity of financial services. Two pivotal pieces of legislation in this domain are the …

Phantom Secrets: Undetected Secrets Expose Major Corporations
https://www.aquasec.com/blog/undetected-hard-code-secrets-expose-corporations/
Sun, 23 Jun 2024 14:22:10 +0000
For years, we’ve been educating developers not to hard-code secrets into their code. Now it turns out that even doing this once might permanently expose that secret, even after its apparent removal – and worse, most secrets scanning methods will miss it. Our research found that almost 18% of secrets might be overlooked. We uncovered …

Catch Me If You Can: Uncovering Malicious Threats in Container Images
https://www.aquasec.com/blog/catch-me-if-you-can-uncovering-malicious-behavior-in-container-images/
Tue, 18 Jun 2024 20:09:59 +0000
What do Frank Abagnale Jr., the notorious con artist from “Catch Me If You Can”, the Golden Snitch from “Harry Potter,” and the Higgs boson from physics have in common? They’re all extremely difficult to catch. Whether it’s outsmarting the FBI, eluding a Quidditch player, or taking physicists almost 50 years to discover, each represents …

Understanding the Importance of Runtime Security in Cloud Native Environments
https://www.aquasec.com/blog/understanding-the-importance-of-runtime-security-in-cloud-native-environments/
Mon, 17 Jun 2024 12:46:23 +0000
Gartner has estimated that “90% of global organizations will be running containerized applications in production by 2026—up from 40% in 2021.” The inherent benefits of cloud native application development enable developers to introduce new code into the environment at an accelerated rate. However, the dynamic nature of these environments amplifies the risks associated with runtime …

Muhstik Malware Targets Message Queuing Services Applications
https://www.aquasec.com/blog/muhstik-malware-targets-message-queuing-services-applications/
Tue, 04 Jun 2024 16:39:29 +0000
Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform. In this blog, we will explore how the attackers exploit the existing vulnerability …

Linguistic Lumberjack: Understanding CVE-2024-4323 in Fluent Bit
https://www.aquasec.com/blog/linguistic-lumberjack-understanding-cve-2024-4323-in-fluent-bit/
Fri, 24 May 2024 22:18:42 +0000
Linguistic Lumberjack is a new critical severity vulnerability (CVE-2024-4323) that affects Fluent Bit versions 2.0.7 through 3.0.3. The vulnerability involves a memory corruption error, potentially leading to denial of service, information disclosure, or remote code execution. Fluent Bit is a highly popular open-source data collector and processor designed for handling large volumes of log data …

Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
https://www.aquasec.com/blog/github-repos-expose-azure-and-red-hat-secrets/
Thu, 16 May 2024 12:00:48 +0000
What happens when employees at some of the world’s largest organizations like Microsoft and RedHat use personal GitHub repos for their side projects? They can unknowingly expose corporate secrets and credentials opening the doors for a security incident. Unfortunately, this isn’t just a hypothetical situation. In a recent study, we explained how we analyzed …

Elevating AWS Kubernetes Security and Compliance
https://www.aquasec.com/blog/aws-kubernetes-security-and-compliance/
Wed, 15 May 2024 12:00:09 +0000
Amazon Elastic Kubernetes Service (Amazon EKS) streamlines the process of deploying, managing, and scaling Kubernetes clusters on Amazon Web Services (AWS), sparing users the complexities of setting up and maintaining their own Kubernetes control plane. Kubernetes itself is an open-source platform designed to automate the management, scaling, and deployment of applications within containers. In …

Securing GenAI: Safeguarding LLM-Powered Applications with Aqua
https://www.aquasec.com/blog/securing-genai-safeguarding-llm-powered-applications-with-aqua/
Wed, 01 May 2024 14:10:04 +0000
In the rapidly evolving world of artificial intelligence, the rise of Generative AI (GenAI) has sparked a revolution in how we interact with and leverage this technology. GenAI is based on large language models (LLMs) that have demonstrated remarkable capabilities, from generating human-like text to powering conversational interfaces and automating complex tasks. Even though we …