Last Week in Cloud Security — July 11

Omer Shliva
cloud-security-research
Jul 11, 2024

July 04 — July 11

Vulnerabilities and Case Studies

Upwind Discovers New ArgoCD CVE-2024-37152 & Takes Over a Kubernetes Cluster

The Upwind research team is constantly monitoring the evolving threat landscape for emerging threats and vulnerabilities, and we recently discovered a new Unauthenticated Access vulnerability in ArgoCD — CVE-2024-37152.

Who polices your policies? Azure policy abuse for privileges escalation and persistence

The Azure Policy is one of hundreds of services within the Microsoft Azure universe, but it holds a special place of importance. This service is a major source of compliance rules. It’s also a repository of best practices and guidance from Microsoft for how to configure your cloud services securely, including policies for many of Azure’s baseline security recommendations, to help users audit for compliance. The Policy service can even aid in remediation at scale.

New APT Group “CloudSorcerer” Targets Russian Government Entities

Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed out the differences in the malware source code. The attacks wield an innovative data-gathering program and a slew of evasion tactics for covering its tracks.

Defending Against the Latest Ghostscript Vulnerability (CVE-2024-29510)

Bleeping Computer has recently reported on a new vulnerability within Ghostscript, a widely used library for handling PostScript and PDF files. For those who process documents, especially ones provided by third parties, this vulnerability poses a serious threat as attackers are already exploiting this flaw. Because the vulnerability can lead to remote code execution (RCE), organizations should take immediate action to protect themselves.

Posture Management

Are SOC 2 Reports Sufficient for Vendor Risk Management?

SOC 2 reports are a valuable tool for evaluating vendor security, but they shouldn’t be the only piece of the puzzle.

Worth Knowing

Cloud-Based Investigations Platform Targets Complexity in Incident Response

Software-as-a-service company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work.

Your Feedback

Thanks for reading! We’ll be happy to get your claps 👏 or any feedback in the comments below.
