CIO News Hubb
Advertisement
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact
No Result
View All Result
CIO News Hubb
No Result
View All Result
Home Information Security

New Microsoft Azure Vulnerability Uncovered — EmojiDeploy for RCE Attacks

admin by admin
January 19, 2023
in Information Security


Jan 19, 2023Ravie LakshmananCloud Security / Data Security

A new critical remote code execution (RCE) flaw discovered impacting multiple services related to Microsoft Azure could be exploited by a malicious actor to completely take control of a targeted application.

“The vulnerability is achieved through CSRF (cross-site request forgery) on the ubiquitous SCM service Kudu,” Ermetic researcher Liv Matan said in a report shared with The Hacker News. “By abusing the vulnerability, attackers can deploy malicious ZIP files containing a payload to the victim’s Azure application.”

The Israeli cloud infrastructure security firm, which dubbed the shortcoming EmojiDeploy, said it could further enable the theft of sensitive data and lateral movement to other Azure services.

Microsoft has since fixed the vulnerability as of December 6, 2022, following responsible disclosure on October 26, 2022, in addition to awarding a bug bounty of $30,000.

The Windows maker describes Kudu as the “engine behind a number of features in Azure App Service related to source control based deployment, and other deployment methods like Dropbox and OneDrive sync.”

In a hypothetical attack chain devised by Ermetic, an adversary could exploit the CSRF vulnerability in the Kudu SCM panel to defeat safeguards put in place to thwart cross-origin attacks by issuing a specially crafted request to the “/api/zipdeploy” endpoint to deliver a malicious archive (e.g., web shell) and gain remote access.

Cross-site request forgery, also known as sea surf or session riding, is an attack vector whereby a threat actor tricks an authenticated user of a web application into executing unauthorized commands on their behalf.

The ZIP file, for its part, is encoded in the body of the HTTP request, prompting the victim application to navigate to an actor-control domain hosting the malware via the server’s same-origin policy bypass.

“The impact of the vulnerability on the organization as a whole depends on the permissions of the applications managed identity,” the company said. “Effectively applying the principle of least privilege can significantly limit the blast radius.”

The findings come days after Orca Security revealed four instances of server-side request forgery (SSRF) attacks impacting Azure API Management, Azure Functions, Azure Machine Learning, and Azure Digital Twins.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
Previous Post

Use AWS WAF CAPTCHA to protect your application against common bot traffic

Next Post

Illustrateknowledge

Related Posts

Information Security

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

by admin
February 2, 2023
Information Security

AWS achieves ISO 20000-1:2018 certification for 109 services

by admin
February 2, 2023
Information Security

Everything you need to know

by admin
February 2, 2023
Information Security

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

by admin
February 1, 2023
Information Security

How to set up ongoing replication from your third-party secrets manager to AWS Secrets Manager

by admin
February 1, 2023
Next Post

Illustrateknowledge

Recommended

Initiatetogoapproach

February 2, 2023

New Russian-Backed Gamaredon’s Spyware Variants Targeting Ukrainian Authorities

February 2, 2023

AWS achieves ISO 20000-1:2018 certification for 109 services

February 2, 2023

Everything you need to know

February 2, 2023

Influentialleadership ~ Future of CIO

February 1, 2023

Researchers Uncover New Bugs in Popular ImageMagick Image Processing Utility

February 1, 2023

© 2022 CIO News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

Newsletter Sign Up

No Result
View All Result
  • Home
  • News
  • Operations CIO
  • Visionary CIO
  • IT Management
  • Information Security
  • Contact

© 2022 CIO News Hubb All rights reserved.