Aqua News

Contact Aqua PR

Misconfigured registries are putting hundreds of top businesses at risk

April 24, 2023

A new report from the Aqua Nautilus research team found 250 million artifacts and 65,600 container images were exposed, leaving five Fortune 500 companies, as well as “thousands of others”, at risk.

Read more

Aqua Nautilus Discovers 250 Million Artifacts Exposed via Misconfigured Registries and Artifact Repositories

April 24, 2023

BOSTON—April 24, 2023—Aqua Security, the pioneer in cloud native security, today announced that its security research team, Aqua Nautilus, discovered 250 million artifacts and 65,600 container images that were exposed via thousands of misconfigured container images, Red Hat Quay registries, JFrog Artifactory and Sonatype Nexus artifact registries. Many contained highly confidential and sensitive proprietary code …

Read more

Novel Technique Exploits Kubernetes RBAC to Create Backdoors

April 22, 2023

Researchers at cybersecurity firm Aqua Security said they recorded and analyzed an attack on its Kubernetes honeypots that used the RBAC system to gain persistence. RBAC is a method of restricting network access based on the roles of individual users within an organization.

Read more

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

April 21, 2023

“The attackers also deployed DaemonSets to take over and hijack resources of the K8s clusters they attack,” cloud security firm Aqua said in a report shared with The Hacker News. The Israeli company, which dubbed the attack RBAC Buster, said it found 60 exposed K8s clusters that have been exploited by the threat actor behind this campaign.

Read more

Why agentless security is not real security

April 20, 2023

Aqua CTO and Co-founder Amir Jerbi contributed an article on the long-lasting ‘agentless vs. agent’ debate noting it is finally over and the result is in — if you want great cloud workload security, you need an agent.

Read more

Aqua Trivy Now Provides Full Compliance Scanning for CIS Kubernetes Benchmarks

April 20, 2023

Aqua Trivy brings the unique ability to perform the complete CIS Kubernetes benchmarks scan, including scans on the Kubernetes nodes themselves. Scans are performed automatically and result in detailed reports with recommendations for improving the architecture and workloads scanned, based on CIS Kubernetes Benchmarks. It also supports NSA and Pod Security Standards (PSS) compliance scans, …

Read more

Aqua Security incorporates CIS Kubernetes benchmarks scanning into open source Trivy

April 20, 2023

Cloud native security provider Aqua Security has announced that the unified security scanner Aqua Trivy now provides full compliance scanning for CIS Kubernetes Benchmarks.

Read more

The golden pipeline for securing the software supply chain

April 18, 2023

Nurit Bielorai, Go-To-Market Manager, Supply Chain Security at Aqua Security, discusses the alarming rise in supply chain security attacks, some of the issues and challenges faced by businesses when it comes to secure software development, and explains the benefits of Aqua Security’s own Cloud Native Application Protection Platform (CNAPP).

Read more