Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
14 résultats taggé aquasec  ✕
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks https://www.aquasec.com/blog/new-campaign-against-apache-tomcat/
02/04/2025 14:56:40
QRCode
archive.org
thumbnail

New malware targets Apache Tomcat servers, hijacking resources through stealthy payloads & lateral movement. What to watch for to protect your workloads

aquasec EN 2025 Tomcat Ongoing Attacks malware workloads
300,000+ Prometheus Servers and Exporters Exposed to DoS Attacks https://www.aquasec.com/blog/300000-prometheus-servers-and-exporters-exposed-to-dos-attacks/
14/12/2024 11:10:11
QRCode
archive.org
thumbnail

In this research, we uncovered several vulnerabilities and security flaws within the Prometheus ecosystem. These findings span across three major areas: information disclosure, denial-of-service (DoS), and code execution. We found that exposed Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API keys.
Additionally, we identified an alarming risk of DoS attacks stemming from the exposure of pprof debugging endpoints, which, when exploited, could overwhelm and crash Prometheus servers, Kubernetes pods and other hosts.

aquasec EN 2024 Prometheus Servers DoS attacks Exposed research
Matrix Unleashes A New Widespread DDoS Campaign https://www.aquasec.com/blog/matrix-unleashes-a-new-widespread-ddos-campaign/
26/11/2024 17:02:27
QRCode
archive.org
thumbnail

Aqua Nautilus researchers uncovered a new and widespread DDoS campaign orchestrated by a threat actor named Matrix.

aquasec EN 2024 analysis DDoS Matrix campaign
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming https://www.aquasec.com/blog/threat-actors-hijack-misconfigured-servers-for-live-sports-streaming/
21/11/2024 09:33:49
QRCode
archive.org
thumbnail

Learn how Nautilus threat-hunting operation analyzed attackers exploiting misconfigured JupyterLab for illegal stream ripping with Traceeshark.

aquasec EN 2024 JupyterLab illegal streaming hacked Traceeshark
perfctl: A Stealthy Malware Targeting Millions of Linux Servers https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/
06/10/2024 23:32:52
QRCode
archive.org
thumbnail

Perfctl is particularly elusive and persistent malware employing several sophisticated techniques

aquasec EN 2024 research Stealthy Malware Linux Servers perfctl
Hadooken Malware Targets Weblogic Applications https://www.aquasec.com/blog/hadooken-malware-targets-weblogic-applications/
16/09/2024 15:59:33
QRCode
archive.org
thumbnail

Nautilus researchers identified a new Linux malware targeting Weblogic servers with running Hadooken malware

aquasec EN 2024 Hadooken Malware Weblogic Applications Oracle weak-password
Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments https://www.aquasec.com/blog/gafgyt-malware-variant-exploits-gpu-power-and-cloud-native-environments/
15/08/2024 08:37:48
QRCode
archive.org
thumbnail

Aqua Nautilus researchers discovered a new variant of Gafgyt targeting machines with weak SSH passwords.

aquasec EN 2024 Gafgyt Malware SSH passwords botnet GPU Power cloud
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets https://www.aquasec.com/blog/github-repos-expose-azure-and-red-hat-secrets/
16/05/2024 16:00:38
QRCode
archive.org
thumbnail

Our research reveals that personal repositories often expose sensitive corporate data, leading to severe security breaches

aquasec EN 2024 GitHub Repos Exposed Redhat Microsoft tokens
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets https://blog.aquasec.com/the-ticking-supply-chain-attack-bomb-of-exposed-kubernetes-secrets
24/11/2023 12:16:29
QRCode
archive.org
thumbnail

Aqua Nautilus researchers found exposed Kubernetes secrets that pose a critical threat of supply chain attack to hundreds of organizations and OSS.

aquasec EN 2023 secrets Kubernetes disclosure Supply-chain-attack
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks https://blog.aquasec.com/powerhell-active-flaws-in-powershell-gallery-expose-users-to-attacks
18/08/2023 08:18:30
QRCode
archive.org
thumbnail

Recent findings by Aqua Nautilus have exposed significant flaws that are still active in the PowerShell Gallery's policy regarding package names and owners. These flaws make typosquatting attacks inevitable in this registry, while also making it extremely difficult for users to identify the true owner of a package. Consequently, these flaws pave the way for potential supply chain attacks on the registry's vast user base.

aquasec EN 2023 PowerHell PowerShell Gallery typosquatting
Tomcat Under Attack: Exploring Mirai Malware and Beyond https://blog.aquasec.com/tomcat-under-attack-investigating-the-mirai-malware
31/07/2023 15:02:28
QRCode
archive.org
thumbnail

Tomcat Vulnerability explore some of the techniques used by the Mirai botnet to exploit a single attack directed at one of our Apache Tomcat honeypots.

aquasec EN 2023 Tomcat Mirai botnet Apache
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware
01/02/2023 21:42:57
QRCode
archive.org
thumbnail

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
Aqua Nautilus researchers discovered a new elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021. Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers. The HeadCrab botnet has taken control of at least 1,200 servers.

This blog will delve into the details of the HeadCrab attack, examining its methods of operation, techniques used to evade detection, and steps organizations can take to safeguard their systems.

aquasec EN 2023 State-of-the-Art Redis Malware HeadCrab
Threat Alert: Private npm Packages Disclosed via Timing Attacks https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm
14/10/2022 09:42:51
QRCode
archive.org
thumbnail

Via timing attacks, threat actors create phony public npm packages masked as private ones to deceive developers into downloading compromised packages

aquasec EN 2022 npm supplychain supply-chain attack timing-attack
Threat Alert: New Malware in the Cloud By TeamTNT https://blog.aquasec.com/new-malware-in-the-cloud-by-teamtnt
21/09/2022 23:41:46
QRCode
archive.org
thumbnail

Could TeamTNT be back? Our honeypots were attacked by malware that bears a resemblance to these threat actors and we analyze the possible connection.

aquasec EN 2022 TeamTNT Analysis
4514 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio