Wednesday , June 4 2025
diagram

Researchers unveil ConfusedFunction Vulnerability in Google Cloud Platform

Tenable security researchers found a vulnerability in Google Cloud Platform’s Cloud Functions service that could allow an attacker to access other services and sensitive data without permission. Tenable has given the vulnerability the name ConfusedFunction.

“An attacker could escalate their privileges to the Default Cloud Build Service Account and access numerous services such as Cloud Build, storage (including the source code of other functions), artifact registry and container registry,” the exposure management company said in a statement.

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....
Read More
New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...
Read More
Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Critical RCE Flaw Patched in Roundcube Webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...
Read More
Critical RCE Flaw Patched in Roundcube Webmail

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...
Read More
Hacker claim Leak of Deloitte Source Code & GitHub Credentials

CISA Issued Guidance for SIEM and SOAR Implementation

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...
Read More
CISA Issued Guidance for SIEM and SOAR Implementation

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....
Read More
Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

Australia enacts mandatory ransomware payment reporting

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...
Read More
Australia enacts mandatory ransomware payment reporting

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...
Read More
Why Govt Demands Foreign CCTV Firms to Submit Source Code?

CVE-2023-39780
Botnet hacks thousands of ASUS routers

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to...
Read More
CVE-2023-39780  Botnet hacks thousands of ASUS routers

Bangladesh Bank instructed using AI to prevent online gambling

The rise of online gambling in the country is leading to increased crime and societal issues. In response, the central...
Read More
Bangladesh Bank instructed using AI to prevent online gambling

“This access allows for lateral movement and privilege escalation in a victim’s project, to access unauthorized data and even update or delete it.”

“Cloud Functions is a serverless platform for creating single-purpose functions triggered by specific Cloud events, eliminating the need to manage servers or update frameworks.”

Tenable found an issue related to the creation of a Cloud Build service account, which is automatically linked to a Cloud Build instance when a Cloud Function is created or updated.

This service account has too many permissions, which can lead to potential malicious activity. An attacker with access can exploit this by creating or updating a Cloud Function to gain higher privileges using this vulnerability.

The permission allows access to Google Cloud services created alongside Cloud Function, such as Cloud Storage, Artifact Registry, and Container Registry. In a potential attack, ConfusedFunction could be used to expose the Cloud Build service account token through a webhook.

Google has updated the default behavior of Cloud Build to use the Compute Engine default service account and prevent misuse. It’s important to mention that these changes only affect new instances, not existing ones.

“The ConfusedFunction vulnerability highlights the problematic scenarios that may arise due to software complexity and inter-service communication in a cloud provider’s services,” Tenable researcher Liv Matan said.

“While the GCP fix has reduced the severity of the problem for future deployments, it didn’t completely eliminate it. That’s because the deployment of a Cloud Function still triggers the creation of the aforementioned GCP services. As a result, users must still assign minimum but still relatively broad permissions to the Cloud Build service account as part of a function’s deployment.”

Outpost24 identified a medium-severity cross-site scripting (XSS) flaw in the Oracle Integration Cloud Platform that could allow for the injection of malicious code into the application.

The flaw, which is rooted in the handling of the “consumer_url” parameter, was resolved by Oracle in its Critical Patch Update (CPU) released earlier this month.

Source: thehackernews, tenable

Check Also

ASUS routers

CVE-2023-39780
Botnet hacks thousands of ASUS routers

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed …

Leave a Reply

Your email address will not be published. Required fields are marked *