CIO News Hubb

Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data

by admin | May 27, 2023 | in Information Security


May 26, 2023Ravie LakshmananData Safety / Cloud Security

A new security flaw has been disclosed in Google Cloud Platform’s (GCP) Cloud SQL service that could potentially be exploited to obtain access to confidential data.

“The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data,” Israeli cloud security firm Dig said.

Cloud SQL is a fully-managed solution to build MySQL, PostgreSQL, and SQL Server databases for cloud-based applications.

The multi-stage attack chain identified by Dig, in a nutshell, leveraged a gap in the cloud platform’s security layer associated with SQL Server to escalate a user’s privileges to those of an administrator role.

The elevated permissions subsequently made it possible to abuse another critical misconfiguration to obtain system administrator rights and take full control of the database server.

From there, a threat actor could access all files hosted on the underlying operating system, enumerate files, and extract passwords, which could then act as a launchpad for further attacks.

“Gaining access to internal data like secrets, URLs, and passwords can lead to exposure of cloud providers’ data and customers’ sensitive data which is a major security incident,” Dig researchers Ofir Balassiano and Ofir Shaty said.

Following responsible disclosure in February 2023, the issue was addressed by Google in April 2023.

The disclosure comes as Google announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users to automatically acquire and renew TLS certificates for free.

© CIO News Hubb All rights reserved.
