Last Week in Cloud Security — August 22
August 15 — August 22
Vulnerabilities and Case Studies
Azure domains and Google abused to spread disinformation and malware
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites.
“WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services
Mandiant disclosed this vulnerability to Microsoft via the Microsoft Security Response Center (MSRC) vulnerability disclosure program, and Microsoft has fixed the underlying issue.
Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files to Target 110,000 Domains
A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.
ALBeast Security Advisory ALB Vulnerability
Miggo Research identified a critical configuration-based vulnerability, dubbed ALBeast, affecting applications that utilize AWS Application Load Balancer (ALB) for authentication. This flaw can facilitate authentication and authorization bypass in applications exposed to the internet that relies on ALB’s authentication mechanisms.
SSRFing the Web with the help of Copilot Studio
Tenable Research discovered a critical information-disclosure vulnerability in Microsoft’s Copilot Studio via a server-side request forgery (SSRF), which allowed researchers access to potentially sensitive information regarding service internals with potential cross-tenant impact.
Detecting AWS Account Compromise: Key Indicators in CloudTrail Logs for Stolen API Keys
As cloud infrastructure becomes the backbone of modern enterprises, ensuring the security of these environments is paramount. With AWS (Amazon Web Services) still being the dominant cloud it is important for any security professional to know where to look for signs of compromise.
Emerging phishing campaign targeting AWS accounts
Wiz Threat Research recently spotted a new phishing campaign targeting AWS accounts.
Worth Knowing
Microsoft Will Require MFA for Azure Services
Multifactor authentication enforcement for Azure portal, Microsoft Entrata admin center, and Intune admin center will begin October.
Your Feedback
Thanks for reading! We’ll be happy to get your claps 👏 or any feedback in the comments below.