NPM flaw let attackers add anyone as maintainer to malicious packages
A ‘logical flaw’ in the npm registry enabled authors of malicious packages to quietly add anyone and any number of users as ‘maintainers’ to their packages in an attempt to boost the trust in their packages. The GitHub-owned repository of NodeJS components has now fixed the flaw after the issue was responsibly reported by cloud native security company, Aqua.
Kubernetes security targeted by perfect storm of threats
Although attackers are becoming more sophisticated, they’re equally on the search for easy, broad targets — and Kubernetes is delivering such a target,” read the 2022 “Cloud Native Threat Report” published last week by container runtime security vendor Aqua.
Aqua Security’s KubeSec Enterprise 2022 Opens Call for Proposals
BOSTON — April 27, 2022 — Aqua Security, the leading pure-play cloud native security provider, today announced that its KubeSec Enterprise Global Webinar Series 2022 has opened its call for proposals. The deadline to submit a proposal is May 12, 2022. Kubernetes users and experts are invited to share their experiences implementing Kubernetes and adjacent …
Video: An update from Aqua Security
Techday’s 10 Minute IT Jams features Aqua Security Area VP for APAC and Japan Rob D’Amico, who shares with us some insight around the company’s role in providing cloud native security solutions to a wide range of markets.
The Ins and Outs of Secure Infrastructure as Code
The move to IaC has its challenges but done right can fundamentally improve an organization’s overall security posture. An Aqua Security expert shares insights in this contributed article.
NPM Bug Allowed Attackers to Distribute Malware as Legitimate Packages
The supply chain threat has been dubbed “Package Planting” by researchers from cloud security firm Aqua. “Up until recently, NPM allowed adding anyone as a maintainer of the package without notifying these users or getting their consent,” Aqua’s Yakir Kadkoda said in a report published Tuesday.
Aqua Security Named a 2022 Best Place to Work by the Boston Business Journal
BOSTON — April 26, 2022 — Aqua Security, the leading pure-play cloud native security provider, announced today that the Boston Business Journal has named the company a 2022 Best Place to Work. The BBJ’s exclusive ranking honors Massachusetts companies that have built outstanding work environments for their people. “Aqua’s values are at the core of everything we …
Aqua Security Research Shows Nearly 70% of CISOs Believe OSS Offers a Faster Path to Security
BOSTON — April 26, 2022 — Aqua Security, the leading pure-play cloud native security provider, today issued new research, which shows that nearly 70% of chief information security officers (CISOs) believe open source security solutions provide a faster way to secure their environments. Likewise, 78% of CISOs believe open source solutions provide them with access …
- GigaOm Radar: Aqua Leads in Container Security February 18, 2025
- Malware Forensic Analysis: Capturing What Attackers Leave Behind February 11, 2025
- Securing Container Workloads on Azure Container Apps (ACA) February 6, 2025
- Secure Your Containers from DreamBus Botnet with Aqua Runtime Protection February 5, 2025
- OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines February 3, 2025
- Cloud Security Trends: Predictions and Strategies for Resilience December 18, 2024
