Category: Other
Understanding the Importance of Runtime Security
Gartner has estimated that “90% of global organizations will be running containerized applications in production by 2026—up from 40% in 2021.”
The inherent benefits of cloud native application development enable developers to introduce new code into the environment at an accelerated rate. However, the dynamic nature of these environments amplifies the risks associated with runtime attacks.
Gartner has estimated that “90% of global organizations will be running containerized applications in production by 2026—up from 40% in 2021.”
The inherent benefits of cloud native application development enable developers to introduce new code into the environment at an accelerated rate. However, the dynamic nature of these environments amplifies the risks associated with runtime attacks. Read More
Muhstik Malware Targets Message Queuing Services Applications
Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform. In this blog, we will explore how the attackers exploit the existing vulnerability in RocketMQ, examine how the Muhstik malware affects the compromised instances, and analyze the number of RocketMQ instances worldwide vulnerable to this type of attack.
Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform. In this blog, we will explore how the attackers exploit the existing vulnerability in RocketMQ, examine how the Muhstik malware affects the compromised instances, and analyze the number of RocketMQ instances worldwide vulnerable to this type of attack. Read More
Linguistic Lumberjack: Understanding CVE-2024-4323 in Fluent Bit
Linguistic Lumberjack is a new critical severity vulnerability (CVE-2024-4323) that affects Fluent Bit versions 2.0.7 through 3.0.3. The vulnerability involves a memory corruption error, potentially leading to denial of service, information disclosure, or remote code execution.
Linguistic Lumberjack is a new critical severity vulnerability (CVE-2024-4323) that affects Fluent Bit versions 2.0.7 through 3.0.3. The vulnerability involves a memory corruption error, potentially leading to denial of service, information disclosure, or remote code execution. Read More
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
What happens when employees at some of the world’s largest organizations like Microsoft and RedHat use personal GitHub repos for their side projects? They can unknowingly expose corporate secrets and credentials opening the doors for a security incident. Unfortunately, this isn’t just a hypothetical situation.
What happens when employees at some of the world’s largest organizations like Microsoft and RedHat use personal GitHub repos for their side projects? They can unknowingly expose corporate secrets and credentials opening the doors for a security incident. Unfortunately, this isn’t just a hypothetical situation. Read More
Elevating AWS Kubernetes Security and Compliance
Amazon Elastic Kubernetes Service (Amazon EKS) streamlines the process of deploying, managing, and scaling Kubernetes clusters on Amazon Web Services (AWS), sparing users the complexities of setting up and maintaining their own Kubernetes control plane. Kubernetes itself is an open-source platform designed to automate the management, scaling, and deployment of applications within containers.
Amazon Elastic Kubernetes Service (Amazon EKS) streamlines the process of deploying, managing, and scaling Kubernetes clusters on Amazon Web Services (AWS), sparing users the complexities of setting up and maintaining their own Kubernetes control plane. Kubernetes itself is an open-source platform designed to automate the management, scaling, and deployment of applications within containers.Read More
Securing GenAI: Safeguarding LLM-Powered Applications with Aqua
In the rapidly evolving world of artificial intelligence, the rise of Generative AI (GenAI) has sparked a revolution in how we interact with and leverage this technology. GenAI is based on large language models (LLMs) that have demonstrated remarkable capabilities, from generating human-like text to powering conversational interfaces and automating complex tasks.
In the rapidly evolving world of artificial intelligence, the rise of Generative AI (GenAI) has sparked a revolution in how we interact with and leverage this technology. GenAI is based on large language models (LLMs) that have demonstrated remarkable capabilities, from generating human-like text to powering conversational interfaces and automating complex tasks. Read More
Setting Sail: Keeping a Weathered Eye on the Horizon of Cloud Security
As I hoist the sail on this new journey with Aqua, I was asked why did I join? Why am I thrilled to be part of this organization and what is it about Aqua’s approach to safeguarding cloud native systems that resonates with me? For close to 20 years I have experienced building, transforming, and leading go-to-market teams within software and SAAS companies, but it was Aqua’s commitment to solving the intricacies of cloud native security that made my decision to join clear.
As I hoist the sail on this new journey with Aqua, I was asked why did I join? Why am I thrilled to be part of this organization and what is it about Aqua’s approach to safeguarding cloud native systems that resonates with me? For close to 20 years I have experienced building, transforming, and leading go-to-market teams within software and SAAS companies, but it was Aqua’s commitment to solving the intricacies of cloud native security that made my decision to join clear. Read More