Aqua News

Aqua Security in May debuted the latest enhancement to its “code to cloud” security offering with the launch of protection for LLM-based applications. 

Called Perfctl, the malware was recently spotted by cybersecurity researchers from Aqua Security, who claim it has been around since at least 2021, and has so far infected thousands of Linux endpoints. 

The malware has been circulating since at least 2021. It gets installed by exploiting more than 20,000 common misconfigurations, a capability that may make millions of machines connected to the internet potential targets, researchers from Aqua Security said. 

BOSTON—September 16, 2024—Aqua Security, the pioneer in cloud native security, today announced VEX Hub, a vendor neutral repository for VEX (Vulnerability Exploitability eXchange). VEX is a new industry standard for communicating and sharing information on security vulnerabilities for software artifacts, and VEX Hub now provides users and software maintainers a single library of vulnerability information …

An unknown attacker is exploiting weak passwords to break into Oracle WebLogic servers and deploy an emerging Linux malware called Hadooken, according to researchers from cloud security outfit Aqua. 

Researchers at container security solution company Aqua Security observed such an attack on a honeypot, which the threat actor breached due to weak credentials. 

Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access credentials. 

Aqua cybersecurity researchers have discovered a new variant of the Gafgyt botnet that’s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power.