Last Week in Cloud Security — July 11
July 04 — July 11
Vulnerabilities and Case Studies
Upwind Discovers New ArgoCD CVE-2024-37152 & Takes Over a Kubernetes Cluster
The Upwind research team is constantly monitoring the evolving threat landscape for emerging threats and vulnerabilities, and we recently discovered a new Unauthenticated Access vulnerability in ArgoCD — CVE-2024-37152.
Who polices your policies? Azure policy abuse for privileges escalation and persistence
The Azure Policy is one of hundreds of services within the Microsoft Azure universe, but it holds a special place of importance. This service is a major source of compliance rules. It’s also a repository of best practices and guidance from Microsoft for how to configure your cloud services securely, including policies for many of Azure’s baseline security recommendations, to help users audit for compliance. The Policy service can even aid in remediation at scale.
New APT Group “CloudSorcerer” Targets Russian Government Entities
Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed out the differences in the malware source code. The attacks wield an innovative data-gathering program and a slew of evasion tactics for covering its tracks.
Defending Against the Latest Ghostscript Vulnerability (CVE-2024-29510)
Bleeping Computer has recently reported on a new vulnerability within Ghostscript, a widely used library for handling PostScript and PDF files. For those who process documents, especially ones provided by third parties, this vulnerability poses a serious threat as attackers are already exploiting this flaw. Because the vulnerability can lead to remote code execution (RCE), organizations should take immediate action to protect themselves.
Posture Management
Are SOC 2 Reports Sufficient for Vendor Risk Management?
SOC 2 reports are a valuable tool for evaluating vendor security, but they shouldn’t be the only piece of the puzzle.
Worth Knowing
Cloud-Based Investigations Platform Targets Complexity in Incident Response
Software-as-a-service company Command Zero launches with a platform for investigating cybersecurity incidents that aims to minimize the grunt work.