Not rendering correctly? View this email as a web page here.
Cloud Native Security Remains a Complex Organism; Role-Based Access Control in Modern Cloud Native Security; Threat Alert: DzMLT has Hidden Cryptominers in Container Images; Aqua Security and Microsoft work together to ensure highly secure cloud-native apps

Welcome back! We have a great selection of industry and Aqua news for you. To start things off, while many of us are still WFH, our adversaries - the bad actors - are doubling down on organized attacks targeting cloud native environments. You can read all about one such attack in our threat alert blog, as well as topics covering the importance of granular role assignments, identifying vulnerabilities in deployments, and much more.

News You Can Use

Hackers Cryptojack Microsoft Azure ML Clusters  Microsoft warned that hackers are hijacking Kubeflow (a machine learning toolkit). Azure Security Center discovered the large-scale attack on Kubernetes clusters running on top of Azure that used exposed Kubernetes dashboards to deploy cryptocurrency miners. Read on SDXcentral ›
Container Security Cloud-Native Security Remains a Complex Organism Adoption of the cloud-native ecosystem has been impacted by security concerns tied to nascent cloud-native technologies. Kubernetes, the de facto standard for container orchestration, now has greater scrutiny over the security of Kubernetes-based platforms. Read on SDXcentral ›
Open Source Vulnerability Scanner Kubernetes Starboard Project Offers Security Scanning from Kubectl Starboard is a new Kubernetes-native, extensible security toolkit licensed under Apache 2.0 and created by Aqua Security, among others. Used to find risks in workloads, it unifies other security tools and makes the results accessible via the Kubernetes API. Read on The NewStack ›
HashiCorp Goes Multi-Cloud With A Fully Managed Cloud Platform HashiCorp now offers its flagship DevOps and automation tools as a fully integrated and managed service. now its customers can just push a button to deploy production-grade clusters running their tools in major cloud platforms. Read on Forbes ›
Kinsing Malware Managing the Security of Cloud-Native Architectures Offering flexibility, cost savings, and scalability, they can also introduce new security challenges when moving from data centers to the cloud. When done right, container-based and serverless development/deployment models can offer new levels of security.  Container Journal ›
Container Security Open Source Security Podcast: Talking Container Security with Liz Rice Cloud native industry pundits Josh Bressers and Kurt Seifried speak with our very own Liz Rice from Aqua Security about container security, and her new book on fundamental technology concepts that protect containerized applications. Listen here ›
Next on KubeSec: The Sharp Edges of Kubernetes Security

Kubernetes Security
Back by popular demand, the KubeSec Enterprise Online series continues with sessions featuring Red Hat, NGINX, Giant Swarm and NCC:
July 7, The Sharp Edges of Kubernetes Security Presented by Rory McCune, Principal Security Analyst at NCC Group and Liz Rice at Aqua.  
July 14, Achieving security and compliance in a large, multi-cluster Kubernetes fleet with Jason Burrell, Security Lead, OpenShift Dedicated Site Reliability Engineering at Red Hat. 
Find a complete list at Registration to KubeSec Sessions › 
Aqua News

Role-Based Access Control Role-Based Access Control (RBAC) in Modern Cloud Native Security Today’s enterprise environments have multiple teams working on multiple projects with different assets, functions, CI pipelines, applications, etc. But Aqua simplifies RBAC with a full-lifecycle security platform that covers your build artifacts, infrastructure, and workloads. Learn More ›
Aqua Risk Explorer Visualize and Prioritize Risks in Kubernetes with Aqua Risk Explorer The dynamic display of workloads and risk assessment scoring provided by Risk Explorer instantly and easily helps DevSecOps teams to identify their most vulnerable deployments and nodes - and prioritize security remediation based on that risk. Read the Blog  ›
Threat Alert: DzMLT has Hidden Cryptominers in Container Images Aqua recently performed an in-depth examination of cloud native assets in the wild using Aqua’s exclusive Dynamic Threat Analysis tool. We found an infrastructure of 23 container images with a Potentially Unwanted Application (PUA) hidden within its image layers or downloaded into containers during runtime. Read the Blog ›
Starboard Kubernetes Security Starboard: The Kubernetes-Native Toolkit for Unifying Security What would a Kubernetes-native, integrated security experience look like? Well, now’s your chance to find out, as we’re excited to release Starboard, an Apache 2.0 licensed toolkit for finding risks in your Kubernetes workloads and environments. Read the Blog ›
Aqua Security and Microsoft Aqua Security and Microsoft work together to ensure highly secure cloud-native apps Since 2016, Aqua and Microsoft have worked closely together, selling solutions jointly to increase security for customers. Going forward, we continue to collaborate on delivering important solutions to their shared customers. Read more at ›
Trivy VS Plugin v5 Using Trivy to Discover Vulnerabilities in VS Code Projects The Open Source team at Aqua developed a Visual Studio Code extension for Trivy open source vulnerability scanner, to enable scanning of container images directly inside the VS Code editor. This blog covers how to install the extension, running it to scan for vulnerabilities. Continue Reading ›
Webinar: Why You Need & How to Evaluate a Cloud Native Security Solution

Cloud Native Security

In this webinar presented by Steve Giguere, a Sr. Solution Architect at Aqua Security, you'll learn what’s needed to ensure your organization is ready for cloud native production environments. This webinar examines security topics, including: Cloud native specific CVEs, Open Source CVEs, The role of compliance, Budget considerations, Security: moving to DevOps, Drift prevention – what it is and why it’s important in cloud native, and more. Sign Up Here

Ready to Secure your Cloud Native Apps?
The Aqua Cloud Native Security platform enables enterprises to secure their cloud native, container-based and serverless applications from development to production.
Contact Aqua