Category: Other
Cloud Security Trends: Predictions and Strategies for Resilience
In 2025, cloud native security is set to undergo transformative progress. As Chief Information Security Officer at Aqua, I’ve seen how rapidly evolving threats and operational demands are driving organizations to redefine their approach to security. The focus is no longer just on adapting to challenges—it’s about deeply embedding security into every facet of development pipelines, runtime environments, and cloud ecosystems.
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.
From Theory to Practice: How to Make DevSecOps Work in Your Organization
Houston, we have a problem: implementing DevSecOps isn’t as straightforward as it seems.
DevSecOps has redefined security in modern software development, becoming the benchmark for organizational success. By embedding security into every phase of the development lifecycle, organizations can deploy faster and collaborate more efficiently while ensuring security at every step. Yet, despite its advantages, according to IDC’s 2024 DevSecOps and Software Supply Chain Security Survey, only 66% of application development teams use DevSecOps methodologies on average. If it were easy to implement, that number would be much closer to 100%. So, what’s holding teams back? Let’s explore the most common challenges—and how to address them.
Matrix Unleashes A New Widespread DDoS Campaign
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals.
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming capture tools and duplicate the broadcast on their illegal server, thus conducting stream ripping. In this blog, we explain how our threat hunting operation helped us uncover this and how we analyzed this attack using Aqua Tracee and Traceeshark.
New Aqua User Experience: Streamlined Vulnerability Management
The new Aqua Hub update is designed to take the headache out of vulnerability management, addressing common challenges like alert overload and data consistency issues. With this update, teams get a clean, streamlined view of vulnerabilities that cuts through the noise, so they can focus on the critical issues without getting lost in irrelevant details.
Enhancing UK Cybersecurity and Resilience: Impact of the New National Bill
As the digital landscape rapidly evolves, the need for a robust, adaptive security strategy becomes increasingly critical. Cyber threats are becoming more sophisticated and widespread, necessitating a proactive approach to cybersecurity. The UK’s Cyber Security and Resilience Bill represents a significant stride towards fortifying the nation’s defenses against these threats.
5 Must-See Sessions at KubeCon North America
Who’s getting excited? Next week, the Cloud Native Computing Foundation’s flagship conference, KubeCon + CloudNativeCon, will kick off in Salt Lake City, Utah. In its ninth year, the conference has grown into more than just a technical conference—it’s a vibrant community event that offers attendees the tools, relationships, and inspiration to drive innovation in the cloud native ecosystem.
Threat Alert: TeamTNT’s Docker Gatling Gun Campaign
Long time no see: Aqua Nautilus researchers have identified a new campaign in the making by TeamTNT, a notorious hacking group. In this campaign, TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments. The group is currently targeting exposed Docker daemons to deploy Sliver (an open-source C2 implant), a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure to spread their malware.
AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services. The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover.
Building Success Together: Driving Customer Satisfaction and Growth
Imagine you’ve just onboarded a new cybersecurity partner. After months of careful selection, a significant portion of your security budget, and a considerable investment, you’re confident that this partnership will shield your organization from the relentless and ever-evolving threats that jeopardize your environments and productivity.
Walk the Line: High-Fidelity Incident Detection Without Disruption
In the dynamic world of cloud native, security teams are inundated with an overwhelming flood of alerts—far too many for any team to realistically manage. This constant barrage creates a risky dilemma: sift through the noise, or silence alerts and risk missing real attacks. Like Johnny Cash’s “I Walk the Line,” security teams must strike a careful balance—maintaining vigilance without becoming desensitized to the very warnings meant to protect their running applications.
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
In this blog post, Aqua Nautilus researchers shed light on a Linux malware that, over the past 3-4 years, has actively sought out more than 20,000 types of misconfiguration in order to target and exploit Linux servers. If you have a Linux server connected to the internet, you could be at risk: given the scale of the campaign, we believe the attackers targeted millions of servers worldwide, with a likely victim count in the thousands, so with this malware any internet-facing Linux server could be a target.
CUPS: A Critical 9.9 Linux Vulnerability Reviewed
In the past couple of days there have been many troubling publications and discussions about a mysterious critical Linux vulnerability allowing remote code execution. While this headline is very alarming, after diving into the details there are many preconditions that cool down the level of alertness. Aqua Security researchers have looked into the content that was released and prepared this blog to answer frequently asked questions regarding a series of vulnerabilities in the Common UNIX Printing System (CUPS).
Combatting Phantom Secrets with Historical Secret Scanning
You’ve likely heard of Schrödinger’s Cat from quantum mechanics—both alive and dead until the box is opened. This paradox mirrors a critical risk in modern development: the secrets embedded in your code. You might assume they’re long deleted, but until you examine the depths of commit history, you can’t be certain. Recently, Aqua Nautilus team uncovered that secrets you thought were removed may remain exposed for years, waiting to be found by malicious actors. In fact, our research found that nearly 20% of sensitive data in GitHub repositories slips past traditional scanners.
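The "phantom secret" problem above comes down to where a scanner looks: a branch-only scan reads the files on HEAD, while git keeps every blob it has ever stored, including blobs that belong to commits no branch points at any more (force-pushes, deleted branches, squashed history). The script below is an added example, not code from the original post or from Aqua's research tooling; it walks both the reachable object set and the unreachable one and reports redacted hits. It assumes a local clone with `git` on PATH, and its secret patterns are an illustrative set of three, not a complete ruleset.

```python
"""Historical secret scanning: walk every blob a git repository stores,
including unreachable ("phantom") ones, and flag secret-looking strings.

Added example, not code from the original page or from Aqua's research
tooling. Assumes a local clone with `git` on PATH. The patterns are a
small illustrative set, not a complete secret ruleset.
"""
import re
import subprocess
from typing import Dict, List, Tuple

# Illustrative patterns only; real scanners carry hundreds of these.
SECRET_PATTERNS: Dict[str, re.Pattern] = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----"),
}


def redact(secret: str) -> str:
    """Keep enough of a match to triage it without logging the secret itself."""
    return secret[:4] + "..." + secret[-4:] if len(secret) > 12 else "***"


def find_secrets(text: str) -> List[Tuple[str, str]]:
    """Return (pattern_name, redacted_match) pairs found in one blob."""
    hits = []
    for name, pattern in SECRET_PATTERNS.items():
        for m in pattern.finditer(text):
            hits.append((name, redact(m.group(0))))
    return hits


def parse_fsck_unreachable(output: str) -> List[str]:
    """Extract blob SHAs from `git fsck --unreachable` lines of the form
    'unreachable blob <sha>' (commits and trees are skipped)."""
    shas = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[:2] == ["unreachable", "blob"]:
            shas.append(parts[2])
    return shas


def parse_batch_check(output: str) -> List[str]:
    """Keep only blob SHAs from `git cat-file --batch-check` output
    formatted as '<sha> <type>'."""
    return [sha for sha, _, typ in
            (line.partition(" ") for line in output.splitlines())
            if typ == "blob"]


def _git(repo: str, *args: str, stdin: str = "") -> str:
    # No check=True: fsck exits non-zero on any repository oddity and we
    # only need its listing.
    return subprocess.run(["git", "-C", repo, *args], input=stdin,
                          capture_output=True, text=True).stdout


def list_blobs(repo: str) -> Dict[str, str]:
    """Map blob SHA -> 'reachable' or 'unreachable'.

    Reachable blobs come from every ref (rev-list --all --objects);
    unreachable ones are what force-pushes, deleted branches and squashed
    history leave behind. Those are the phantom secrets: a branch-only
    scanner never reads them, but anyone holding the commit SHA can still
    fetch them from the hosting service until the object is garbage-collected.
    """
    reachable = _git(repo, "rev-list", "--all", "--objects")
    shas = "\n".join(line.split()[0] for line in reachable.splitlines() if line)
    types = _git(repo, "cat-file", "--batch-check=%(objectname) %(objecttype)",
                 stdin=shas + "\n")
    blobs = {sha: "reachable" for sha in parse_batch_check(types)}
    fsck = _git(repo, "fsck", "--unreachable", "--no-reflogs")
    for sha in parse_fsck_unreachable(fsck):
        blobs.setdefault(sha, "unreachable")
    return blobs


def scan_repo(repo: str) -> List[dict]:
    """Scan every blob, reachable or not, and report redacted hits."""
    findings = []
    for sha, where in list_blobs(repo).items():
        raw = subprocess.run(["git", "-C", repo, "cat-file", "-p", sha],
                             capture_output=True).stdout
        for name, match in find_secrets(raw.decode("utf-8", "ignore")):
            findings.append({"blob": sha, "where": where,
                             "type": name, "match": match})
    return findings


if __name__ == "__main__":
    import json
    import sys
    print(json.dumps(scan_repo(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Run it against a clone with `python scan_history.py /path/to/repo` (the filename is arbitrary). A hit tagged `unreachable` is the case the post describes: the file was "deleted", but the blob is still served by the remote. Note that a fresh `git clone` does not fetch unreachable objects, so for a complete picture the scan has to run on the hosting side or on a mirror that was never garbage-collected; on the hosting side the usual remediation is rotating the credential, not rewriting history.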
Sink or Swim: Tackling 2024’s Record-Breaking Vulnerability Wave
28,821 — that’s the number of vulnerabilities reported last year alone. With over 25,000 CVEs this year so far, 2024 is on track to set an even more troubling record. As cloud native technologies have become the backbone of modern IT infrastructure, these staggering figures highlight a growing and urgent threat. In this blog, we’ll explore why vulnerability disclosure is on the rise, share key trends seen by our Aqua Nautilus team, and offer practical steps security teams can take today to mitigate these escalating risks in their environments.
Introducing VEX Hub: Essential New Repository Unifying VEX Statements!
VEX (Vulnerability Exploitability eXchange) is an emerging industry standard for communicating the relevance and impact of security vulnerabilities on software artifacts. This approach allows software maintainers to indicate when a specific vulnerability in a software dependency is irrelevant to their software due to the specific use case of that dependency. By conveying this crucial information to scanning tools via VEX, the accuracy of scan results is improved, leading to more actionable vulnerability reports for end users.
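To make concrete what "conveying this information to scanning tools" looks like, here is an added example of the consuming side: a small filter that matches scanner findings against OpenVEX statements and only suppresses a finding when the statement both matches the exact package and carries a status that justifies suppression. It is not code from the original post, from Aqua, or from Trivy or VEX Hub; the findings, the VEX document, the `CVE-0000-000x` identifiers and the package URLs are constructed placeholders.

```python
"""Apply OpenVEX statements to scanner findings so that vulnerabilities the
maintainer has declared not exploitable are filtered out of the report.

Added example, not code from the original page, from Aqua, or from Trivy or
VEX Hub. The findings, the VEX document, the CVE IDs (CVE-0000-000x) and the
package URLs are constructed placeholders.
"""
from typing import Dict, List, Tuple

# OpenVEX statuses. Only not_affected and fixed justify hiding a finding;
# affected and under_investigation must stay visible.
SUPPRESSING = {"not_affected", "fixed"}

# Constructed scanner output: (CVE, package URL, severity).
SAMPLE_FINDINGS: List[dict] = [
    {"id": "CVE-0000-0001", "purl": "pkg:golang/example.com/libfoo@1.2.3", "severity": "HIGH"},
    {"id": "CVE-0000-0002", "purl": "pkg:golang/example.com/libfoo@1.2.3", "severity": "CRITICAL"},
    {"id": "CVE-0000-0003", "purl": "pkg:golang/example.com/libbar@0.9.0", "severity": "MEDIUM"},
]

# Constructed OpenVEX document in the v0.2.0 layout.
SAMPLE_VEX: dict = {
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.com/vex/constructed-1",
    "author": "constructed example",
    "timestamp": "2024-09-01T00:00:00Z",
    "version": 1,
    "statements": [
        {   # maintainer says the vulnerable function is never called
            "vulnerability": {"name": "CVE-0000-0001"},
            "products": [{"@id": "pkg:golang/example.com/libfoo@1.2.3"}],
            "status": "not_affected",
            "justification": "vulnerable_code_not_in_execute_path",
        },
        {   # not_affected with no justification: deliberately malformed
            "vulnerability": {"name": "CVE-0000-0002"},
            "products": [{"@id": "pkg:golang/example.com/libfoo@1.2.3"}],
            "status": "not_affected",
        },
    ],
}


def index_statements(doc: dict) -> Dict[Tuple[str, str], dict]:
    """(vulnerability id, product purl) -> statement; later statements win."""
    idx: Dict[Tuple[str, str], dict] = {}
    for st in doc.get("statements", []):
        vuln = st["vulnerability"]["name"]
        for product in st.get("products", []):
            pid = product["@id"] if isinstance(product, dict) else product
            idx[(vuln, pid)] = st
    return idx


def apply_vex(findings: List[dict], doc: dict) -> Tuple[List[dict], List[dict]]:
    """Split findings into (kept, suppressed).

    A finding is suppressed only when a statement matches both the CVE and
    the exact purl, carries a suppressing status, and, for not_affected,
    names a justification, which OpenVEX requires. Anything else stays in
    the report with the statement's status attached so a reviewer sees why.
    """
    idx = index_statements(doc)
    kept, suppressed = [], []
    for f in findings:
        st = idx.get((f["id"], f["purl"]))
        if st is None:
            kept.append({**f, "vex_status": None})
            continue
        status = st["status"]
        sufficient = status in SUPPRESSING and (
            status != "not_affected" or bool(st.get("justification")))
        if sufficient:
            suppressed.append({**f, "vex_status": status,
                               "justification": st.get("justification")})
        else:
            kept.append({**f, "vex_status": status,
                         "note": "VEX statement present but not sufficient to suppress"})
    return kept, suppressed


if __name__ == "__main__":
    kept, gone = apply_vex(SAMPLE_FINDINGS, SAMPLE_VEX)
    for f in gone:
        print("suppressed", f["id"], f["justification"])
    for f in kept:
        print("report    ", f["id"], f["severity"], f["vex_status"])
```

The matching is deliberately exact on the purl (package and version): a statement about `libfoo@1.2.3` says nothing about `libfoo@1.3.0`, and widening the match is how a stale VEX document starts hiding real findings. The second statement shows the other failure mode worth handling: a `not_affected` with no justification is not a reason to drop a critical finding, so it is kept and annotated rather than silently suppressed.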
Hadooken Malware Targets Weblogic Applications
Aqua Nautilus researchers identified a new Linux malware targeting WebLogic servers. The main payload calls itself Hadooken, which we think refers to the “surge fist” attack in the Street Fighter series. When Hadooken is executed, it drops the Tsunami malware and deploys a cryptominer. In this blog, we explain the malware, its components, and how we detected
Embracing the Future: AWS Customers Leverage Fargate for ECS and EKS Deployments
As organizations advance in their cloud native journey, the adoption of AWS Fargate for ECS (Elastic Container Service) and EKS (Elastic Kubernetes Service) increases. Many customers begin their cloud journey with Amazon ECS, with around 65% of new AWS container customers opting for ECS. This popularity is driven by Fargate’s serverless compute engine, which allows containers to run without managing the underlying infrastructure. Using Amazon ECS or Amazon EKS with AWS Fargate offers several advantages, making it a compelling choice for deploying and managing containerized applications. Here’s why organizations prefer ECS or EKS with Fargate:
PG_MEM: A Malware Hidden in the Postgres Processes
Aqua Nautilus researchers have uncovered PG_MEM, a new PostgreSQL malware, that brute forces its way into PostgreSQL databases, delivers payloads to hide its operations, and mines cryptocurrency. In this blog, we explain this attack, the techniques used by the threat actor, and how to detect and protect your environments.
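The entry point the summary describes, password brute-forcing against PostgreSQL, leaves a very visible trace in the server log: a burst of `password authentication failed` lines from one client address, followed by a `connection authorized` line from the same address once a guess lands. The detection below is an added example, not code from the original post or from Aqua's detection rules. It assumes `log_line_prefix = '%m [%p] %u@%d %h '` (timestamp, pid, user@database, client host) and `log_connections = on`; the log lines it runs on are constructed inline, with addresses taken from the documentation ranges.

```python
"""Flag PostgreSQL password brute-forcing, and the successful login that
follows it, from the server log.

Added example, not code from the original page or from Aqua's detection
rules. Assumes log_line_prefix = '%m [%p] %u@%d %h ' (timestamp, pid,
user@database, client host) and log_connections = on, so that the
'connection authorized' line is emitted. The log lines are constructed
here; the addresses are from the documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, Iterable, List

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) \S+ \[\d+\] "
    r"(?P<user>\S+)@(?P<db>\S+) (?P<host>\S+) (?P<level>FATAL|LOG):\s+(?P<msg>.*)$"
)
FAIL_PREFIX = 'password authentication failed for user "'
AUTH_OK_PREFIX = "connection authorized:"


def detect_bruteforce(lines: Iterable[str], threshold: int = 10,
                      window: timedelta = timedelta(seconds=60)) -> Dict[str, dict]:
    """Return {client_host: summary} for hosts that exceed `threshold`
    password failures inside `window`. A later successful authorization
    from a flagged host is recorded as `compromised_user`, which is the
    signal that the brute force worked and the account needs rotating."""
    recent: Dict[str, deque] = defaultdict(deque)   # sliding window per host
    total: Dict[str, int] = defaultdict(int)
    flagged: Dict[str, dict] = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S.%f")
        host, msg = m["host"], m["msg"]
        if msg.startswith(FAIL_PREFIX):
            total[host] += 1
            q = recent[host]
            q.append(ts)
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and host not in flagged:
                flagged[host] = {"first_failure": q[0], "failures": 0,
                                 "compromised_user": None}
        elif msg.startswith(AUTH_OK_PREFIX) and host in flagged:
            flagged[host]["compromised_user"] = m["user"]
        if host in flagged:
            flagged[host]["failures"] = total[host]
    return flagged


def constructed_log() -> List[str]:
    """Constructed sample: twelve failures in 22 s from one host and then a
    successful login, plus one mistyped password from a legitimate user."""
    t0 = datetime(2024, 8, 20, 10, 0, 0)

    def line(offset: int, pid: int, user: str, host: str, level: str, msg: str) -> str:
        ts = f"{t0 + timedelta(seconds=offset):%Y-%m-%d %H:%M:%S.%f}"[:-3]
        return f"{ts} UTC [{pid}] {user}@postgres {host} {level}:  {msg}"

    lines = [line(2 * i, 4100 + i, "postgres", "203.0.113.7", "FATAL",
                  FAIL_PREFIX + 'postgres"') for i in range(12)]
    lines.append(line(30, 4200, "postgres", "203.0.113.7", "LOG",
                      "connection authorized: user=postgres database=postgres"))
    lines.append(line(5, 4300, "alice", "198.51.100.4", "FATAL",
                      FAIL_PREFIX + 'alice"'))
    lines.append(line(9, 4301, "alice", "198.51.100.4", "LOG",
                      "connection authorized: user=alice database=postgres"))
    return sorted(lines)   # same timestamp format, so string order is time order


if __name__ == "__main__":
    for host, info in detect_bruteforce(constructed_log()).items():
        print(host, info)
```

The threshold and window are the tuning knobs; ten failures in a minute is far above what a human mistyping a password produces, and a single failure from the legitimate user is correctly ignored. The `compromised_user` field is what turns an alert into an incident: a successful authorization after a burst means the superuser password is now in the attacker's hands, and the response is to rotate it and review what that session did, not just to block the address.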