Cloud Security Podcast

Vulnerabilities in AWS, GCP and Azure - Cloud Security News



Cloud Security News this week - 22 September 2021

  • AWS, Google Cloud and Azure have all been busy over the last few weeks fixing and patching vulnerabilities. In addition to Azure's OMIGOD flaws, which we covered in last week’s episode, Google Cloud reported that some of their load balancers were routing to an Identity-Aware Proxy (IAP) enabled Backend Service which could have been vulnerable to an untrusted party. Google Cloud have confirmed that this issue has been resolved.
  • Rhino Security Labs have discovered a vulnerability in AWS WorkSpaces, Amazon’s virtual desktop. Exploiting this vulnerability allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser. Rhino reported the vulnerability to Amazon and it was promptly patched.
  • Attackers have begun to exploit the critical Microsoft Azure vulnerabilities that were reported in last week’s episode. The OMIGOD flaws, discovered by the Wiz Research Team, have since been patched by Microsoft. New data indicates that attackers are scanning the Web for Azure Linux virtual machines that are vulnerable. If successful, an attacker could become root on a remote machine.
  • For organisations and enterprises, cloud is about improved flexibility, scalability, and cost-effectiveness. For cybercriminals, cloud is an environment filled with poorly secured enterprise data, applications, and online assets. IBM, in their recently released Security X-Force Cloud Threat Landscape Report, highlight increased attacker interest in the thriving black market for stolen credentials used to access enterprise accounts and resources on public cloud platforms. IBM X-Force discovered about 30,000 cloud credentials potentially available for sale on the Dark Web. Prices for these credentials ranged from a few dollars to more than $15,000 per credential, based on the level of access and the amount of credit associated with an account. Report available here
  • Episode Show Notes on Cloud Security Podcast Website.

    Podcast Twitter - Cloud Security Podcast (@CloudSecPod)

    If you want to watch videos of this LIVE STREAMED episode and past episodes, check out:

    - Cloud Security Podcast:

    - Cloud Security Academy:


    Cloud Security Podcast, by Cloud Security Podcast Team
