Aqua News

They also overlap with an ongoing TeamTNT campaign disclosed by Aqua called Silentbob that leverages misconfigured cloud services to drop malware as part of what’s said to be a testing effort, while also linking SCARLETEEL attacks to the threat actor, citing infrastructure commonalities. 

BOSTON—July 6, 2023—Aqua Security, the pioneer in cloud native security, today announced the appointment of Gilad Elyashar as Chief Product Officer. Elyashar will be Aqua’s first Chief Product Officer responsible for leading the product management organization from strategy to execution. Working closely with Aqua’s customers and Aqua’s technology team, he will guide the evolution of …

Based on analysis by Aqua Nautilus researchers of 700,000 real-world attacks, the report covers three key areas: software supply chain, risk posture (including vulnerabilities and misconfigurations), and runtime protection.

According to Aqua CEO Dror Davidoff, “Two years ago, ‘agentless security’ stormed the market with claims of greatness ‘ding dong the agents are dead!’. It is only now that we see vendors admitting agentless provides only visibility, not cloud security.”

BOSTON—June 27, 2023—Aqua Security, the pioneer in cloud native security, today published its 2023 Cloud Native Threat Report, which summarizes research and observations by Aqua Nautilus threat researchers. Based on analysis of actual attacks in the wild, the report provides security practitioners insight into threat actors’ changing tactics, techniques and procedures in order to better …

According to an advisory published by Aqua Security Software, the discovered repojacking attack allows threat actors to execute code within organizations’ internal environments or their customers’ environments. 

What Aqua discovered was twofold: millions of such repositories — including those belonging to companies such as Google and Lyft — are present on GitHub; and tools are easily available to attackers to find these repos and hijack them. 

“When a repository owner changes their username, a link is created between the old name and the new name for anyone who downloads dependencies from the old repository,” researchers Ilay Goldman and Yakir Kadkoda said. “However, it is possible for anyone to create the old username and break this link.”