Tag Archives: opensources
Panamorfi: A New Discord DDoS Campaign
Aqua Nautilus researchers uncovered a new Distributed Denial of Service (DDoS) campaign dubbed ‘Panamorfi’, in which the threat actor launches a DDoS using mineping, a Minecraft DDoS package written in Java. Thus far we’ve only seen it deployed via misconfigured Jupyter notebooks. In this blog we explain the attack, the techniques used by the threat actor and how to protect your environments.
Kubernetes History: How It Conquered Cloud Native Orchestration
Did you know that Kubernetes originally had no built-in features for managing user permissions, or that support for storing data persistently didn’t appear until Kubernetes was four years old?
Kubernetes Exposed: Exploiting the Kubelet API
The Kubelet API is a vital component of Kubernetes clusters that manages pods and their containers on each node. While it is not typically intended for direct user interaction, many DevOps teams use the Kubelet API for debugging and direct node communication. However, exposing the Kubelet API to the public internet while allowing anonymous, unauthenticated requests can have severe security implications, including unauthorized access and potential data breaches.
Compliance to Implementation: Exploring DORA and NIS 2 Frameworks
The importance of cybersecurity and operational resilience in the financial sector has never been more pronounced. The European Union (EU) has been at the forefront of addressing these critical issues, enacting comprehensive legislation to safeguard digital infrastructure and ensure the continuity of financial services. Two pivotal pieces of legislation in this domain are the Directive on Security of Network and Information Systems 2 (NIS 2 Directive) and the Digital Operational Resilience Act (DORA). While both aim to bolster the security and resilience of the financial sector, they approach the goal from different angles, creating a complementary framework that addresses a broad spectrum of challenges.
Phantom Secrets: Undetected Secrets Expose Major Corporations
For years, we’ve been educating developers not to hard-code secrets into their code. Now it turns out that even doing this once might permanently expose that secret, even after its apparent removal – and worse, most secrets scanning methods will miss it. Our research found that almost 18% of secrets might be overlooked.
Catch Me If You Can: Uncovering Malicious Threats in Container Images
What do Frank Abagnale Jr., the notorious con artist from “Catch Me If You Can”, the Golden Snitch from “Harry Potter,” and the Higgs boson from physics have in common? They’re all extremely difficult to catch. Whether it’s outsmarting the FBI, eluding a Quidditch player, or taking physicists almost 50 years to discover, each represents a challenge of capturing something elusive. This analogy perfectly illustrates the nature of sophisticated cyber threats targeting container environments today – they are designed to evade detection, making them incredibly hard to catch.
Understanding the Importance of Runtime Security
Gartner has estimated that “90% of global organizations will be running containerized applications in production by 2026—up from 40% in 2021.”
The inherent benefits of cloud native application development enable developers to introduce new code into the environment at an accelerated rate. However, the dynamic nature of these environments amplifies the risks associated with runtime attacks.
Muhstik Malware Targets Message Queuing Services Applications
Aqua Nautilus discovered a new campaign of Muhstik malware targeting message queuing services applications, specifically the Apache RocketMQ platform. Our investigation revealed that the attackers downloaded the known malware Muhstik onto the compromised instances by exploiting a known vulnerability in the platform. In this blog, we will explore how the attackers exploit the existing vulnerability in RocketMQ, examine how the Muhstik malware affects the compromised instances, and analyze the number of RocketMQ instances worldwide vulnerable to this type of attack.
Linguistic Lumberjack: Understanding CVE-2024-4323 in Fluent Bit
Linguistic Lumberjack is a new critical-severity vulnerability (CVE-2024-4323) that affects Fluent Bit versions 2.0.7 through 3.0.3. The vulnerability is a memory corruption error that can lead to denial of service, information disclosure, or remote code execution.