Last Week in Cloud Security — August 1

Omer Shliva
cloud-security-research
Aug 1, 2024

July 25 — August 01

Vulnerabilities and Case Studies

Recursive Amplification Attacks: Botnet-as-a-Service

On a recent client engagement, we tested a startup’s up-and-coming SaaS data platform and discovered an alarming attack path. The specific feature names and technologies have been generalized to anonymize the platform.

CVE-2024-41110: Docker Security Advisory on Critical Update for Docker Engine — AuthZ Plugin Bypass

Docker has released crucial updates addressing a critical vulnerability in Docker Engine that could allow attackers to bypass authorization plugins (AuthZ). This issue has a low likelihood of being exploited, but all Docker installations need to upgrade to the latest versions immediately. Docker EE v19.03.x and all versions of Mirantis Container Runtime are not affected.

Malicious PyPI Package Targets macOS to Steal Google Cloud Credentials

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that targets Apple macOS systems with the goal of stealing users’ Google Cloud credentials from a narrow pool of victims.

Identifying a BOLA Vulnerability in Harbor, a Cloud-Native Container Registry

In a recent audit of open-source web applications, threat researchers from Unit 42 have identified a broken object-level authorization (BOLA) vulnerability that impacts Harbor versions prior to 2.9.5. Harbor is a widely used cloud-native container registry that plays a role in cloud environments by hosting container images and providing features such as role-based access control (RBAC), vulnerability scanning and image signing. It is an open-source CNCF Graduated project with over 22,600 stars and 1.8 million downloads. The vulnerability we identified is tracked as CVE-2024-22278, with a CVSS score of 6.4.

Cirrus: Open-source Google Cloud forensic collection

Cirrus is an open-source Python-based tool designed to streamline Google Cloud forensic evidence collection. It can streamline environment access and evidence collection in investigations involving Google Workspace and GCP. The tool simplifies incident response activities and enhances an organization’s security posture.

Worth Knowing

Nearly 10-hour Azure outage caused by DDoS attack, says Microsoft

Microsoft reported that the initial trigger for a recent, nearly 10-hour Azure outage, which led to intermittent errors, timeouts and latency spikes on many of its services, was a distributed denial-of-service (DDoS) attack, and that a configuration error in its DDoS defenses “amplified” the attack.

Kubernetes History: How It Conquered Cloud Native Orchestration

Did you know that Kubernetes originally had no built-in features for managing user permissions, or that support for storing data persistently didn’t appear until Kubernetes was four years old?

EPSS Shows Strong Performance in Predicting Exploits, Says Study from Cyentia and FIRST

Tenable sponsored research from Cyentia and FIRST, which finds that while vulnerability exploitation is highly variable, EPSS is getting stronger in its ability to predict exploitation.
