Vulnerabilities in AWS, GCP and Azure - Cloud Security News

Cloud Security Podcast - A podcast by Cloud Security Podcast Team

Categories:

Cloud Security News this week - 22 September 2021 AWS, Google Cloud and Azure have all been busy last few weeks fixing and patching Vulnerabilities. In addition to Azure's OMIGOD flaws which we covered in last week’s episode, Google Cloud reported that some of their load balancers were routing to an Identity-Aware Proxy (IAP) enabled Backend Service which could have been vulnerable to an untrusted party. Google Cloud have confirmed that this issue has been resolved. Rhino Security Labs have discovered a vulnerability in AWS WorkSpaces, amazon’s virtual desktop. Exploiting this vulnerability allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser.  Rhino reported the vulnerability to Amazon and it was promptly patched. Attackers have begun to exploit critical Microsoft Azure vulnerabilities that were reported in last week’s episode. The OMIGOD flaws, discovered by the Wiz Research Team have since been patched by microsoft. New data indicates that attackers are scanning the Web for Azure Linux virtual machines that are vulnerable. If successful, an attacker could become root on a remote machine. For organisations and enterprises cloud is about improved flexibility, scalability, and cost-effectiveness. For cybercriminals, Cloud is an environment filled with poorly secured enterprise data, applications, and online assets. IBM in their recently released Security X-Force Cloud Threat Landscape Report highlight increased attacker interest in the thriving black market for stolen credentials used to access enterprise accounts and resources on public cloud platforms. IBM X-Force discovered about  30,000 cloud credentials potentially available for sale on Dark Web and Prices for these credentials ranged from a few dollars to more than $15,000 per credential, based on the level of access and the amount of credit associated with an account. Report available here Episode Show Notes on Cloud Security Podcast Website. Podcast Twitter - Cloud Security Podcast (@CloudSecPod) If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: - Cloud Security Podcast: - Cloud Security Academy: