Aqua News

The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the internet potential targets, researchers from Aqua Security said. 

BOSTON—September 16, 2024—Aqua Security, the pioneer in cloud native security, today announced VEX Hub, a vendor neutral repository for VEX (Vulnerability Exploitability eXchange). VEX is a new industry standard for communicating and sharing information on security vulnerabilities for software artifacts, and VEX Hub now provides users and software maintainers a single library of vulnerability information …

An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua. 

Researchers at container security solution company Aqua Security observed such an attack on a honeypot, which the threat actor breached due to weak credentials. 

Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access credentials. 

Aqua cybersecurity researchers have discovered a new variant of the Gafgyt botnet that’s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. 

BOSTON, August 12, 2024 – Aqua Security, the pioneer in cloud native security, today announced that it has been named as a Representative Vendor in the Gartner® Market Guide for Cloud-Native Application Protection Platforms (CNAPP). The new Gartner report examines the extensive CNAPP market and its growth potential, and it recognizes vendors as Representative Vendors. …

Researchers from security firm Aqua Security identified six AWS services that were creating predictably named S3 buckets and that were vulnerable to the new hijacking technique. They presented their findings in a talk at the Black Hat USA security conference this week.