Cloud Security News artwork

22 Sep, 2021 - Vulnerabilities in GCP, AWS and Amazon

Cloud Security News

English - September 29, 2021 14:08 - 2 minutes - 1.98 MB - ★★★★★ - 2 ratings
Tech News News Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: 15 Sep, 2021 - Oracle superior to AWS? AWS Vulnerabilities Discovered and fwd:cloudsec conference held this week
Next Episode: 29 Sep, 2021 - Foggyweb Malware, New Cloud Data Framework + OWASP Top 10

Cloud Security News this week - 22 September 2021

AWS, Google Cloud and Azure have all been busy last few weeks fixing and patching Vulnerabilities. In addition to Azure's OMIGOD flaws which we covered in last week’s episode, Google Cloud reported that some of their load balancers were routing to an Identity-Aware Proxy (IAP) enabled Backend Service which could have been vulnerable to an untrusted party. Google Cloud have confirmed that this issue has been resolved.
Rhino Security Labs have discovered a vulnerability in AWS WorkSpaces, amazon’s virtual desktop. Exploiting this vulnerability allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser.  Rhino reported the vulnerability to Amazon and it was promptly patched.
Attackers have begun to exploit critical Microsoft Azure vulnerabilities that were reported in last week’s episode. The OMIGOD flaws, discovered by the Wiz Research Team have since been patched by microsoft. New data indicates that attackers are scanning the Web for Azure Linux virtual machines that are vulnerable. If successful, an attacker could become root on a remote machine.
For organisations and enterprises cloud is about improved flexibility, scalability, and cost-effectiveness. For cybercriminals, Cloud is an environment filled with poorly secured enterprise data, applications, and online assets. IBM in their recently released Security X-Force Cloud Threat Landscape Report highlight increased attacker interest in the thriving black market for stolen credentials used to access enterprise accounts and resources on public cloud platforms. IBM X-Force discovered about  30,000 cloud credentials potentially available for sale on Dark Web and Prices for these credentials ranged from a few dollars to more than $15,000 per credential, based on the level of access and the amount of credit associated with an account. Report available here

Episode Show Notes on Cloud Security Podcast Website.


Podcast Twitter - Cloud Security Podcast (@CloudSecPod


If you want to watch videos of this LIVE STREAMED episode and past episodes, check out: 


- Cloud Security Podcast


- Cloud Security Academy



Twitter Mentions