    Severe Flaw in Google Cloud’s Cloud SQL Service Exposed Confidential Data

    By justmattg | May 26, 2023

    May 26, 2023Ravie LakshmananData Safety / Cloud Security

    A new security flaw has been disclosed in Google Cloud Platform’s (GCP) Cloud SQL service that could potentially be exploited to obtain access to confidential data.

    “The vulnerability could have enabled a malicious actor to escalate from a basic Cloud SQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data,” Israeli cloud security firm Dig said.

    Cloud SQL is a fully-managed solution to build MySQL, PostgreSQL, and SQL Server databases for cloud-based applications.

    The multi-stage attack chain identified by Dig, in a nutshell, leveraged a gap in the cloud platform’s security layer associated with SQL Server to escalate the privileges of a user to that of an administrator role.

    The elevated permissions subsequently made it possible to abuse another critical misconfiguration to obtain system administrator rights and take full control of the database server.

    From there, a threat actor could access all files hosted on the underlying operating system, enumerate files, and extract passwords, which could then act as a launchpad for further attacks.

    “Gaining access to internal data like secrets, URLs, and passwords can lead to exposure of cloud providers’ data and customers’ sensitive data which is a major security incident,” Dig researchers Ofir Balassiano and Ofir Shaty said.

    Following responsible disclosure in February 2023, the issue was addressed by Google in April 2023.

    The disclosure comes as Google announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users to automatically acquire and renew TLS certificates for free.
