SECURITY RESEARCH - Aqua Cloud Native Security, Container Security & Serverless Security
Feed last updated: Tue, 26 Nov 2024 13:17:15 +0000

Matrix Unleashes A New Widespread DDoS Campaign
https://www.aquasec.com/blog/matrix-unleashes-a-new-widespread-ddos-campaign/
Tue, 26 Nov 2024 03:51:18 +0000
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals. This campaign highlights how accessible tools and minimal technical knowledge can enable large-scale cyberattacks. Matrix demonstrates a …

Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
https://www.aquasec.com/blog/threat-actors-hijack-misconfigured-servers-for-live-sports-streaming/
Tue, 19 Nov 2024 04:51:16 +0000
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming …

TeamTNT’s Docker Gatling Gun Campaign
https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/
Fri, 25 Oct 2024 05:05:37 +0000
Long time no see: Aqua Nautilus researchers have identified a new campaign in the making by TeamTNT, a notorious hacking group. In this campaign, TeamTNT appears to be returning to its roots while preparing for a large-scale attack on cloud native environments. The group is currently targeting exposed Docker daemons to deploy Sliver malware, a …

AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
https://www.aquasec.com/blog/aws-cdk-risk-exploiting-a-missing-s3-bucket-allowed-account-takeover/
Thu, 24 Oct 2024 05:07:33 +0000
In June 2024, we uncovered a security issue related to the AWS Cloud Development Kit (CDK), an open-source project. This discovery adds to the six other vulnerabilities we discovered within AWS services. The impact of this issue could, in certain scenarios (outlined in the blog), allow an attacker to gain administrative access to a target AWS account, …

perfctl: A Stealthy Malware Targeting Millions of Linux Servers
https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
Thu, 03 Oct 2024 05:47:01 +0000
In this blog post, Aqua Nautilus researchers aim to shed light on a Linux malware that, over the past 3-4 years, has actively sought more than 20,000 types of misconfigurations in order to target and exploit Linux servers. If you have a Linux server connected to the internet, you could be at risk. In fact, …

CUPS: A Critical 9.9 Linux Vulnerability Reviewed
https://www.aquasec.com/blog/cups-a-critical-9-9-linux-vulnerability-reviewed/
Fri, 27 Sep 2024 03:54:24 +0000
In the past couple of days there have been many troubling publications and discussions about a mysterious critical Linux vulnerability allowing remote code execution. While this headline is very alarming, after diving into the details there are many preconditions that lower the level of alertness. Aqua Security researchers have looked into the content that was …

Sink or Swim: Tackling 2024’s Record-Breaking Vulnerability Wave
https://www.aquasec.com/blog/sink-or-swim-tackling-2024s-record-breaking-vulnerability-wave/
Thu, 19 Sep 2024 03:40:46 +0000
28,821: that’s the number of vulnerabilities reported last year alone. With over 28,000 CVEs this year so far, 2024 is on track to set an even more troubling record. As cloud native technologies have become the backbone of modern IT infrastructure, these staggering figures highlight a growing and urgent threat. In this blog, we’ll …

Hadooken Malware Targets Weblogic Applications
https://www.aquasec.com/blog/hadooken-malware-targets-weblogic-applications/
Thu, 12 Sep 2024 03:33:02 +0000
Aqua Nautilus researchers identified a new Linux malware targeting Weblogic servers. The main payload calls itself Hadooken, which we think refers to the “surge fist” attack in the Street Fighter series. When Hadooken is executed, it drops a Tsunami malware and deploys a cryptominer. In this blog, we explain the malware, its components, and …

PG_MEM: A Malware Hidden in the Postgres Processes
https://www.aquasec.com/blog/pg_mem-a-malware-hidden-in-the-postgres-processes/
Mon, 19 Aug 2024 14:43:37 +0000
Aqua Nautilus researchers have uncovered PG_MEM, a new PostgreSQL malware that brute-forces its way into PostgreSQL databases, delivers payloads to hide its operations, and mines cryptocurrency. In this blog, we explain this attack, the techniques used by the threat actor, and how to detect and protect your environments. About Postgres: PostgreSQL, commonly known as …

Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments
https://www.aquasec.com/blog/gafgyt-malware-variant-exploits-gpu-power-and-cloud-native-environments/
Wed, 14 Aug 2024 06:00:49 +0000
Aqua Nautilus researchers discovered a new variant of the Gafgyt botnet. This campaign is targeting machines with weak SSH passwords, executing 2 binaries from memory to grow the Gafgyt botnet and mine cryptocurrency with GPU power, indicating that the IoT botnet is targeting more robust servers running in cloud native environments. In this blog we …