Aqua News

Aqua’s Story Tweedie-Yates summarizes the key considerations for organizations managing cloud expansion to minimize the risks posed by misconfigurations.

Here’s a roundup of the latest cloud native security news we gathered for you. Kubernetes 1.22 is out, bringing a few new features to improve the security of Kubernetes. On the threat front, Team Nautilus uncovered several supply chain attacks using container images that hijack resources to mine cryptocurrency. As Infrastructure-as-Code is rising in popularity, see how Trivy IaC security …

BOSTON – August 18, 2021 – Aqua Security, the pure-play cloud native security leader, today appointed Christopher Smith as Chief Revenue Officer. With nearly 30 years of enterprise IT experience and 19 in cybersecurity, Smith will join the executive team to help scale Aqua’s global go-to-market team and accelerate growth. Most recently Smith was Chief …

The cybersecurity firm Aqua Security uncovered several supply chain attacks that use malicious container images to compromise their victims when its threat research team, Team Nautilus was performing its daily scan of Docker Hub for malicious activity according to a new blog post.

Aqua Security researchers recommend companies improve their defensive measures to reduce the risk of falling victim to this type of attack. “Attackers are increasingly targeting organizations’ software supply chains, and in some cases, they are getting better at hiding their attacks,” the researchers say.

“When practitioners fail to implement a holistic approach with protecting their workloads at runtime, they are opening up their environments to attackers, since even the most complete ‘shift left’ vulnerability and malware detection cannot prevent zero-day attacks and administrator errors,” said Amir Jerbi, cofounder and CTO at Aqua.

Aqua Security’s new cloud-native application protection platform leverages a unified console to ease the journey from scanning and visibility to workload protection in cloud-native environments. The platform reduces administrative burden and allows security teams to start with scanning and cloud security posture management, and then add in sandboxing capabilities and workload protection as needed.

The risk that open source components pose to applications has less to do with the component itself than the supply chain that supports it, asserted Tsvi Korren, field CTO at Aqua Security. “It all comes down to the degree of governance and oversight, which open source projects often lack,” he told TechNewsWorld.