News


HeadCrab 2.0 discovered
B2B Cyber Security ShortNews

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog in the code provides clues and takes swipes at the defenders. Last year, the then new malware HeadCrab caused trouble. Cybercriminals used the cutting-edge malware, which remains undetectable by agentless and traditional antivirus solutions, to compromise Redis servers. The criminals' campaign has been active since September 2021 and by the beginning of 2023 had already compromised 1,200 servers worldwide in order to misuse them for cryptojacking. Now the security experts discovered...


Attacks on SSH servers through SSH tunneling

A pioneer in cloud native security has shed light on a long-standing but little-known threat to SSH servers. SSH tunneling allows threat actors to use SSH servers as a slave proxy and route traffic through them. Several months of research by Aqua's Nautilus research team revealed that cybercriminals have found a way to use SSH tunneling to create proxy pools. The cybercriminals primarily aimed to spread spam, but evidence of information theft or cryptomining was also found. As part of the investigation, Team Nautilus found numerous indications that compromised…


Hundreds of unprotected Kubernetes clusters discovered

Two misconfigurations are behind more than 350 compromised enterprise and individual Kubernetes clusters, as a cloud native security company recently demonstrated. Aqua Security identified Kubernetes clusters from more than 350 organizations, open source projects and individuals that were openly accessible and unprotected. This was the result of several months of research by Aqua's “Nautilus” research team. A notable subset of clusters were associated with large conglomerates and Fortune 500 companies. At least 60 percent of these clusters were attacked and had an active campaign with deployed malware and backdoors. The security holes were due to two misconfigurations...


Endangered artifacts and container images

A pioneer in cloud-native security has discovered thousands of exposed registries and artifact repositories containing over 250 million artifacts and over 65,000 container images. Many of these artifacts and images contained highly confidential and sensitive proprietary code and "secrets". Aqua's team of IT security researchers, Team Nautilus, uncovered misconfigurations that put thousands of companies of all sizes at risk worldwide - including five from the Fortune 500 and two major IT security vendors. At IBM, for example, an internal container registry was exposed to the Internet: after Nautilus researchers informed the local security team, Internet access to these environments was closed and the risks minimized. Aqua has…


Novel malware detected: HeadCrab

A security vendor warns of a new, elusive, and serious threat. Aqua's research unit, Team Nautilus, discovered a novel, cutting-edge piece of malware from a new group dubbed 'HeadCrab'. The malware penetrates Redis database servers and from then on remains largely undetected, as it apparently cannot be detected by agentless and conventional antivirus solutions. The HeadCrab malware has been able to compromise a large number of Redis servers worldwide since September 2021 and has taken control of at least 1,200 servers to date. Redis In-Memory Databases – Widespread and…


Cloud Native Protection including up to 1 million US dollars in the event of damage 

Aqua is the only vendor guaranteed to stop cloud-native attacks in production; in the event of a proven successful attack, up to $1 million will be paid out. Aqua Security, the market leader and specialist in cloud native security, has introduced the industry's first and only cloud native security guarantee. Customers who have fully implemented Aqua's Cloud Native Application Protection Platform (CNAPP) following best practices and still fall victim to a cloud native attack will be awarded up to $1 million in damages. Here, cloud-native attack refers to unauthorized access by a third party to…


770 million logs compromised at Travis CI API

More than 770 million Travis CI API logs are potentially compromised. The free version of the popular CI/CD tool has a new vulnerability and allows access to tokens, user data and passwords. Team Nautilus, Aqua Security's research unit specializing in the cloud-native technology stack, has discovered a new vulnerability in the free version of the Travis CI API, a popular CI/CD tool. The vulnerability makes it easy to access tens of thousands of user credentials, tokens and other credentials from potentially up to 770 million free version user logs. 770 million logs visible…


Scanners for Cloud Native Security

The Cloud Native Vulnerability and Risk Scanner now offers new capabilities that enable users to seamlessly integrate and scale cloud native security into their software development lifecycle (SDLC). Aqua Security, the leading pure-play cloud native security provider, today announced several updates to Aqua Trivy, making it the world's first unified cloud native security scanner. By consolidating multiple scanning tools into a single tool, Aqua Trivy is now the most comprehensive vulnerability and misconfiguration scanner for cloud native applications and infrastructure. Trivy…


New Cloud Native Threats Report 2022

Aqua Security launches new 2022 Cloud Native Threat Report. Cryptomining malware is still number one, but backdoors and worms already account for more than half of all attacks. Attackers are increasingly targeting Kubernetes and the software supply chain. Aqua Security, the leader in cloud native security, has released its 2022 Cloud Native Threat Report: Tracking Software Supply Chain and Kubernetes Attacks and Techniques study. The study was prepared by Team Nautilus, Aqua Security's research unit specializing in cloud native technology, and aims to provide insights into trends and key insights for...


First Python-based ransomware attack revealed

Team Nautilus, Aqua Security's research unit specializing in the cloud-native technology stack, has discovered a new attack vector that cybercriminals can use to target companies with ransomware. For the first time, the team uncovered a Python-based ransomware attack targeting the open source software Jupyter Notebook, popular with data professionals. Attackers first gain access through misconfigured environments and then run a ransomware script that encrypts every file in a specified path on the server and then deletes itself after execution to obfuscate the attack. Because Jupyter Notebook is used to analyze…
