From aquasec.com
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks
Our findings highlight that at least 336,000 servers expose their Prometheus servers and exporters to the internet.
on Dec 12
From aquasec.com
Kubernetes Exposed: Exploiting the Kubelet API
Learn how to protect your Kubernetes clusters against Kubelet API attacks and ensure a robust security posture.
on Dec 5
From aquasec.com
Matrix Unleashes A New Widespread DDoS Campaign
Aqua Nautilus researchers uncovered a new and widespread DDoS campaign orchestrated by a threat actor named Matrix.
on Nov 26
From aquasec.com
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
Learn how a Nautilus threat-hunting operation used Traceeshark to analyze attackers exploiting misconfigured JupyterLab for illegal stream ripping.
on Nov 20
From aquasec.com
AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
We uncovered a security issue related to the AWS Cloud Development Kit (CDK); across more than 38,000 account IDs, we identified where users were susceptible.
on Oct 30
From aquasec.com
TeamTNT’s Docker Gatling Gun Campaign
TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments.
on Oct 25
From aquasec.com
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Perfctl is a particularly elusive and persistent malware employing several sophisticated techniques.
on Oct 3
From aquasec.com
CUPS: A Critical 9.9 Linux Vulnerability Reviewed
FAQs and mitigation around vulnerabilities in the Common UNIX Printing System
on Oct 1
From aquasec.com
Hadooken Malware Targets Weblogic Applications
Nautilus researchers identified new Linux malware, Hadooken, that targets Weblogic servers.
on Sep 12
From aquasec.com
PG_MEM: A Malware Hidden in the Postgres Processes
Nautilus researchers have uncovered new malware that forces its way into PostgreSQL databases and delivers payloads to hide its operations.
on Aug 23
From aquasec.com
Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
We discovered critical vulnerabilities in six AWS services that range between RCE, full account takeover, manipulation and more.
on Aug 10
From aquasec.com
Phantom Secrets: Undetected Secrets Expose Major Corporations
Our research discovers that almost 18% of secrets might be overlooked and some cannot be discovered by current scanning tools.
on Jun 26
From aquasec.com
Can You Trust Your VSCode Extensions? - Aqua Security
Aqua Nautilus breaks down how VSCode extensions can easily be impersonated by attackers who hide malicious code through tactics like typosquatting.
on Jun 24
From aquasec.com
Muhstik Malware Targets Message Queuing Services Applications
Aqua Nautilus has uncovered a new Muhstik malware campaign targeting message queuing services by exploiting a vulnerability in RocketMQ.
on Jun 6
From aquasec.com
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches.
on May 29
From aquasec.com
Linguistic Lumberjack: Understanding CVE-2024-4323 in Fluent Bit
Linguistic Lumberjack is a new critical severity vulnerability (CVE-2024-4323) that affects Fluent Bit versions 2.0.7 through 3.0.3.
on May 25
From aquasec.com
Aqua Nautilus Reveals Millions of Potential Kinsing Attacks Daily - Aqua
Aqua Security published a new report, "Kinsing Exposed: From Myth to Architecture - A Complete Cybersecurity Chronicle."
on May 14
From aquasec.com
CVE-2024-3094: Newly Discovered Backdoor in XZ tools
The xz-utils is a popular compression tool used widely across Linux systems, indicating its critical role in the software ecosystem. The xz-utils backdoor, discovered on March 29, 2024, exposes systems to potential backdoor access and remote code execution. It specifically targets versions 5.6.0...
on Apr 1
From aquasec.com
The Hidden Dangers Within Ubuntu's Package Suggestion System
Aqua Nautilus researchers have identified a security issue that arises from the interaction between Ubuntu's command-not-found package and the snap package repository.
on Mar 1
From aquasec.com
Lucifer DDoS botnet Malware is Targeting Apache Big-Data Stack
Aqua Nautilus has unveiled a new campaign targeting the Apache big-data stack, specifically Apache Hadoop and Apache Druid.
on Feb 29
From aquasec.com
HeadCrab 2.0: Evolving Threat in Redis Malware Landscape
This is a second blog about HeadCrab, with further analysis of the scope of the threat, the malware, the techniques, etc.
on Feb 2
From aquasec.com
Apache Applications Targeted by Stealthy Attacker
New attack targeting Apache Hadoop and Flink applications that is intriguing due to the attacker's use of packers and rootkits to conceal the malware.
on Jan 21
From aquasec.com
Deceptive Deprecation: The Truth About npm Deprecated Packages
This blog explains the deceptive deprecation gap and introduces a new tool to scan your packages for deprecated dependencies.
on Jan 20
From aquasec.com
Scanning KBOM for Vulnerabilities with Trivy
Using KBOMs to secure your Kubernetes cluster components - scanning your core Kubernetes architecture for vulnerabilities.
on Jan 5
From aquasec.com
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
Aqua Nautilus researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.
on Nov 21, 2023
From aquasec.com
50 Shades of Vulnerabilities: Uncovering Flaws in Open-Source Vulnerability Disclosures
Nautilus researchers evaluated the disclosure process of open-source projects and found flaws that allowed harvesting the vulnerabilities before they were patched.
on Nov 8, 2023
From aquasec.com
Looney Tunables Vulnerability Exploited by Kinsing
We intercepted Kinsing's experimental incursions into cloud environments and have uncovered their efforts to manipulate the Looney Tunables vulnerability.
on Nov 3, 2023