Last Week in Cloud Security — August 15

Omer Shliva
cloud-security-research
Aug 15, 2024

August 08 — August 15

Top Threats to Cloud Computing 2024


The CSA Top Threats Report aims to raise awareness of current cloud security risks, threats, and vulnerabilities. In this 2024 installment, we surveyed over 500 industry experts on the cloud security issues they’re facing. Respondents identified 11 top threats. The CSA Top Threats Working Group has analyzed the results and provided a description of each cloud security threat, including the business impact, key takeaways, examples, and relevant security controls.


Vulnerabilities and Case Studies

How to Weaponize Microsoft Copilot for Cyberattackers

At Black Hat USA, security researcher Michael Bargury released a “LOLCopilot” ethical hacking module to demonstrate how attackers can exploit Microsoft Copilot — and offered advice for defensive tooling.


Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources

During February 2024, we discovered critical vulnerabilities in six AWS services. The impact of these vulnerabilities ranges from remote code execution (RCE) and full-service user takeover (which might provide powerful administrative access) to manipulation of AI modules, exposure of sensitive data, data exfiltration and denial of service.


Microsoft Azure AI Health Bot Infected With Critical Vulnerabilities

Privilege escalation flaws in the healthcare chatbot platform could have allowed unauthorized cross-tenant access and management of other customers’ resources.


GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects.


Cloud Digital Forensics and Incident Response — AWS IAM Privilege Escalation Leads to EC2 Ransomware Deployment

This article is the third in a series analyzing cloud Digital Forensics and Incident Response (DFIR) scenarios in AWS. The attack detailed in this write-up is only a simulation, but it emulates real techniques utilized by real adversaries with real incident response tactics. In this piece, I’ll trace a threat actor’s steps through ransomware deployment, vertical (lateral) movement via AWS Systems Manager (SSM), and privilege escalation through IAM abuse. Forensics artifacts included in this report include Windows Sysmon logs, the Update Sequence Number (USN) Journal, AWS CloudTrail logs, and AWS Systems Manager command history.


Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments

Unit 42 researchers found an extortion campaign’s cloud operation that successfully compromised and extorted multiple victim organizations. It did so by leveraging exposed environment variable files (.env files) that contained sensitive variables such as credentials belonging to various applications.


Critical Flaw in Microsoft Entra ID Allows Privileged Users to Gain Global Admin Status

A significant security flaw in the Microsoft Entra ID identity and access management service has been exposed, revealing that privileged users could potentially escalate their access to become global administrators, effectively taking full control of an organization’s cloud environment.


Worth Knowing

Humans are Top Factor in Cloud Security: CSA Study

People have long been seen as a key weakness in cybersecurity, from falling for phishing and other social engineering schemes to running outdated software to inadvertently leaking data.


Risk Management Strategies: Incorporating Cloud WAFs into Your Plan

In today’s digital world, protecting your online assets is more critical than ever. As cyber threats grow increasingly sophisticated, integrating advanced security measures into your risk management strategy is essential. One such measure is the implementation of Cloud Web Application Firewalls (WAFs). In this blog, we’ll explore how Cloud WAFs can enhance your risk management strategy and provide practical tips for incorporating them effectively.


TrailShark: Understanding AWS API and Service Interactions

In this blog, we introduce TrailShark, a plugin that connects Wireshark with AWS CloudTrail logs. This open-source tool was developed as part of the “Bucket Monopoly” research, during which we identified six vulnerabilities in AWS by tracking service interactions and internal API calls. These vulnerabilities range from remote code execution (RCE) and full-service user takeover (which could provide powerful administrative access) to manipulation of AI modules, exposure of sensitive data, data exfiltration, and denial of service.

