Not rendering correctly? View this email as a web page here.
Kubernetes Release 1.21; Amazon ECS Exec Support; Aqua Protects Arm-based Architecture; PHP Supply Chain Attack; JDWP Misconfiguration in Containers and K8s; KubeCon EU, and more

Here's a roundup of the latest cloud native industry news for you. Kubernetes continues to rapidly evolve, and the new version 1.21 has just been released – in our blog, we review the notable features and updates you should know about. If you’re into eBPF technology, there’s a great write-up on how to get started with bpf and libbpfgo. The CNCF’s flagship conference KubeCon + CloudNativeCon EU is coming up next month, promising plenty of exciting sessions around security. Check out our agenda and join adopters and technologists from cloud native community.

News You Can Use
Secure Containerized Environments with Updated Threat Matrix for Kubernetes Microsoft released the second version of the threat matrix for Kubernetes, which considers the latest changes in the threat landscape. The revised matrix can help organizations identify the current gaps in their defenses’ coverage against the different threats that target Kubernetes.
Learn more in the blog ›
PHP Supply Chain Attack Shows Open Source’s Virtues and Vices In the latest software supply chain attack, the official PHP Git repository was hacked to add backdoors to the code base. Such attacks are expected to continue as it’s very easy to pretend to be another local Git user and upload a forged commit to a remote Git server.
See the details on TheNewStack ›
The Worst So-called “Best Practice” for Docker There are many recommendations on what to do and not to do when using Docker. One of the false ones is not to install security updates when building your Docker image because you “cannot upgrade inside an unprivileged container.” This post explains why this is not the case. Find out more on Pythonspeed ›
The State of Serverless Computing 2021 Function-as-a-Service (FaaS) allows developers to write and deploy a piece of code anytime, which can then be run upon event triggers. With the ability to reduce costs and operational complexities, serverless computing is likely to grow at a steady pace in the coming years. Learn why 2021 is the year of FaaS.
Read the article on DZone ›
Beyond SolarWinds: Principles for Securing Software Supply Chains The number and consequences of supply chain exploitations like the SolarWinds compromise continue to increase. The new technical paper by MITRE introduces a set of principles and recommendations to protect against such types of attacks. Check it out on ›
The Cloud Migration Forecast: Cloudy with a Chance of Clouds According to the new Deloitte report, the cloud market grew even faster in 2020 than in 2019, and cloud revenue growth will continue to remain above 30% through 2025. Increases in cloud usage mean increases in the attack surface, making security more important than ever.
Learn more on Deloitte’s blog ›
Have you secured K8s clusters with thousands of nodes for a Fortune 500 company? Dwayne Holmes has, and he’s one of the speakers on our roundtable where we discuss achieving enterprise-scale cloud native security and DevSecOps strategies. Learn about real life challenges faced by organizations, lessons learned, and best practices.
Watch on-demand webinar ›
The 10 Most Common Azure Configuration Challenges
Azure Configuration Challenges
Today, developers are increasingly making configuration changes that can have dramatic implications for your security posture. In this white paper, we share the 10 Azure services and features that are most critical to get right.

Get your copy here ›
Aqua News

Kubernetes Version 1.21 - What You Need to Know The first Kubernetes release of 2021 is out, and there are some key changes which could have impacts to security. In this blog, our Cloud Native Security Advocate Rory McCune reviews notable updates and features - the deprecation of PodSecurityPolicies, new features to block Kubernetes vulnerabilities, and the new IPv6 support. Learn all about K8s v1.21 here ›

Protecting Arm-based Container Workloads on AWS Graviton2 Aqua announced industry-first container runtime security solution for Arm 64-bit environments. Now customers can take advantage of the high density and cost-effectiveness provided by Arm-based infrastructure from the cloud to the edge, while ensuring unified, consistent security across all architectures.
Check out the blog ›

Aqua CyberCenter: Elevating Vulnerability Scanning Beyond the NVD With Aqua CyberCenter, we extend beyond the NVD to enhance cybersecurity intel for cloud native DevOps. It’s a comprehensive and reliable source of security risk information, cataloguing not only public CVEs but also vendor security advisories, malware, and our primary threat research. Read more ›

How to Build eBPF Programs with libbpfgo libbpf library, maintained in the Linux kernel source tree, is a better way to build eBPF projects, which provides developers with an API for loading and interacting with bpf programs. Our open source engineer Grant Seltzer explains the nature of libbpf and how to start using it, what vmlinux.h is and why it's important for writing eBPF programs.
Check it out here ›

JDWP Misconfiguration in Container Images and K8s Team Nautilus detected dozens of container images in Docker Hub with enabled Java Debug Wire Protocol, which belong to large organizations and may expose them to severe risk when running in production. To learn how attackers can exploit this misconfiguration in containers and Kubernetes,
see our analysis in the blog ›

Aqua Supports New Amazon ECS Exec Troubleshooting Capability We expanded our support to secure Amazon’s new ECS Exec; a simple and secure way to execute commands into containers. This extends Aqua’s runtime protection features, including drift prevention, to ensure that legitimate access to containers is allowed while still preventing disallowed actions.
Find out more ›

KubeCon + CloudNativeCon Europe 2021 Virtual
2021 KubeCon
KubeCon EU Virtual is back on May 4-7! The Cloud Native Computing Foundation’s flagship conference gathers leading open source and cloud native communities to further the education and advancement of cloud native computing. Hear from Aqua's experts on Kubernetes security, supply chain attacks, vulnerability management, and more.

Learn more here ›
Go cloud native with the experts!
See the Aqua Platform in action
Schedule a Demo
Aqua Cloud Native Security