Tuesday , November 5 2024
diagram

Researchers unveil ConfusedFunction Vulnerability in Google Cloud Platform

Tenable security researchers found a vulnerability in Google Cloud Platform’s Cloud Functions service that could allow an attacker to access other services and sensitive data without permission. Tenable has given the vulnerability the name ConfusedFunction.

“An attacker could escalate their privileges to the Default Cloud Build Service Account and access numerous services such as Cloud Build, storage (including the source code of other functions), artifact registry and container registry,” the exposure management company said in a statement.

GitHub launched an AI tool to build apps without code

GitHub has launched an AI tool called 'Spark' that allows users to create apps using natural language, eliminating the need...
Read More
GitHub launched an AI tool to build apps without code

Hacker offer Titas gas root access to sale

"A threat actor has reportedly claimed to gain root-level access to Titas Gas’s firewall server and is actively offering this...
Read More
Hacker offer Titas gas root access to sale

New malware FakeCall intercepts your calls to the bank

Zimperium researchers have found a new version of FakeCall malware for Android that threatens financial security. This malware redirects users'...
Read More
New malware FakeCall intercepts your calls to the bank

Hikvision Patches Security Flaw in Network Cameras

Hikvision, a top provider of network cameras, has issued firmware updates to fix a security vulnerability that could reveal users'...
Read More
Hikvision Patches Security Flaw in Network Cameras

SonicWall report
Government Sector faces 236% Surge in Malware Attacks

Global threat actors have significantly increased attacks on government sectors, with malware-driven attempts rising by triple digits in the first...
Read More
SonicWall report  Government Sector faces 236% Surge in Malware Attacks

Bangladesh Kubernetes User Group Meetup successfully completed

Meetup of Bangladesh Kubernetes User Group was held at Banani Club 9294, Dhaka on Thursday, 31 October 2024. A lively...
Read More
Bangladesh Kubernetes User Group Meetup successfully completed

Bangladesh Bank issues cyber threat alert

Bangladesh Bank issues alert on cyber threat. In its alert the central bank said, according to Bangladesh cyber security intelligence...
Read More
Bangladesh Bank issues cyber threat alert

Hacker claim data breach: bank confirms blaming third party

Interbank, a major financial institution in Peru, has confirmed a data breach after a hacker leaked stolen data online. Formerly...
Read More
Hacker claim data breach: bank confirms blaming third party

CISA Launches Its First Ever International Strategic Plan

The US Cybersecurity and Infrastructure Security Agency (CISA) has released its first international strategic plan to enhance global cooperation in...
Read More
CISA Launches Its First Ever International Strategic Plan

Rented bank account used to illegal transection: 5 arrested

The Indian Cyber Crime Coordination Centre (I4C) has warned about illegal payment gateways set up by transnational cyber criminals using...
Read More
Rented bank account used to illegal transection: 5 arrested

“This access allows for lateral movement and privilege escalation in a victim’s project, to access unauthorized data and even update or delete it.”

“Cloud Functions is a serverless platform for creating single-purpose functions triggered by specific Cloud events, eliminating the need to manage servers or update frameworks.”

Tenable found an issue related to the creation of a Cloud Build service account, which is automatically linked to a Cloud Build instance when a Cloud Function is created or updated.

This service account has too many permissions, which can lead to potential malicious activity. An attacker with access can exploit this by creating or updating a Cloud Function to gain higher privileges using this vulnerability.

The permission allows access to Google Cloud services created alongside Cloud Function, such as Cloud Storage, Artifact Registry, and Container Registry. In a potential attack, ConfusedFunction could be used to expose the Cloud Build service account token through a webhook.

Google has updated the default behavior of Cloud Build to use the Compute Engine default service account and prevent misuse. It’s important to mention that these changes only affect new instances, not existing ones.

“The ConfusedFunction vulnerability highlights the problematic scenarios that may arise due to software complexity and inter-service communication in a cloud provider’s services,” Tenable researcher Liv Matan said.

“While the GCP fix has reduced the severity of the problem for future deployments, it didn’t completely eliminate it. That’s because the deployment of a Cloud Function still triggers the creation of the aforementioned GCP services. As a result, users must still assign minimum but still relatively broad permissions to the Cloud Build service account as part of a function’s deployment.”

Outpost24 identified a medium-severity cross-site scripting (XSS) flaw in the Oracle Integration Cloud Platform that could allow for the injection of malicious code into the application.

The flaw, which is rooted in the handling of the “consumer_url” parameter, was resolved by Oracle in its Critical Patch Update (CPU) released earlier this month.

Source: thehackernews, tenable

Check Also

Internet archive

2nd time hacker breached Internet Archive

The Internet Archive was breached again, this time through their Zendesk email support platform, following …

Leave a Reply

Your email address will not be published. Required fields are marked *