Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cloud Platform. Show all posts

Major Security Flaw Discovered in Popular Cloud Logging Tool

 



Researchers at Tenable have identified a severe memory corruption vulnerability in Fluent Bit, an open-source logging utility integral to major cloud services. With over 3 billion downloads as of 2022 and an additional 10 million deployments daily, Fluent Bit is a cornerstone of cloud infrastructure used by prominent organisations such as VMware, Cisco, Adobe, Walmart, LinkedIn, and cloud giants like AWS, Microsoft, and Google Cloud.

The issue, dubbed "Linguistic Lumberjack" by Tenable, stems from how Fluent Bit's embedded HTTP server handles trace requests. The vulnerability can be exploited to cause denial of service (DoS), data leaks, or even remote code execution (RCE) in cloud environments.

"While vulnerabilities in major cloud providers like Azure, AWS, and GCP grab headlines, it's crucial to scrutinise the underlying technologies these services rely on," says Jimi Sebree, senior staff research engineer at Tenable. "Critical components like Fluent Bit, which are embedded in many cloud services, pose significant risks if compromised."

Tenable's researchers stumbled upon this flaw while investigating another security issue in a cloud service. They discovered they could access various internal metrics and logging endpoints of the cloud service provider, which included Fluent Bit instances. This cross-tenant data leakage revealed a more profound problem.

The vulnerability lies in the /api/v1/traces endpoint of Fluent Bit's monitoring API. The service fails to validate data types properly, allowing attackers to input non-string values that cause memory corruption. By manipulating these inputs, attackers can crash the service and leak sensitive data. Although exploiting this for RCE would require sophisticated, targeted efforts, the potential for harm remains high.

The bug affects Fluent Bit versions 2.0.7 through 3.0.3 and is tracked under CVE-2024-4323, with critical CVSS scores exceeding 9.5 out of 10. After reporting the issue on April 30, Fluent Bit's developers promptly addressed it by validating input data types in the problematic endpoint. The fix was implemented in the project's main branch on GitHub by May 15.

Organisations using Fluent Bit are strongly advised to update their software to the latest version immediately. Alternatively, administrators should review and restrict access to Fluent Bit's monitoring API to authorised users only, or disable it entirely if feasible.

The discovery of this vulnerability accentuates the importance of scrutinising not just the cloud services themselves but also the foundational technologies they depend on. Ensuring the security of tools like Fluent Bit is vital for maintaining the integrity of cloud environments across industries.



AI's Swift Impact on the IT Industry

The integration of Artificial Intelligence (AI) in the Information Technology (IT) industry is poised to bring about rapid and profound changes. As businesses seek to stay ahead in an increasingly competitive landscape, the adoption of AI technologies promises to revolutionize how IT operations are managed and drive innovation at an unprecedented pace.

According to a recent report by ZDNet, the impact of AI on the IT industry is set to be both swift and far-reaching. The article highlights how AI-powered solutions are automating tasks that were once time-consuming and labour-intensive. This shift allows IT professionals to focus on higher-level strategic initiatives, enhancing productivity and efficiency across the board.

IDC, a renowned market intelligence firm, supports this view in its latest research. The report underscores that AI technologies are becoming indispensable tools for businesses seeking to streamline operations and gain a competitive edge. IDC predicts a significant surge in AI adoption across various sectors, underlining the transformative potential of this technology.

Furthermore, the 2023 Enterprise IoT and OT Threat Report by Zscaler ThreatLabz sheds light on the crucial role AI plays in securing the expanding landscape of enterprise IoT and OT devices. As the Internet of Things continues to grow, so do the associated security risks. AI-powered threat detection and response systems are proving to be instrumental in safeguarding networks against evolving cyber threats.

The convergence of AI and IT is driving innovation across domains such as cloud computing, cybersecurity, and data analytics. Cloud platforms are leveraging AI to optimize resource allocation and enhance performance, while cybersecurity solutions are using AI to detect and respond to threats in real-time.

Organizational structures are changing as a result of AI's incorporation into the IT sector. Organizations are reaching new heights in terms of productivity, security, and innovation thanks to the quick adoption of AI technology. Enterprises adopting AI will have an advantage in navigating the opportunities and difficulties presented by the changing IT ecosystem in the future. The revolutionary potential of artificial intelligence is undoubtedly linked to the future of IT.

ServiceNow Data Exposure Flaw Raises Concerns

ServiceNow, a popular enterprise cloud platform, was found to have a serious data exposure vulnerability. Concerns concerning the security of sensitive data in cloud-based systems have been highlighted by this occurrence, which has shocked the cybersecurity community.

According to reports from cybersecurity experts and firms, the vulnerability in ServiceNow's infrastructure could potentially lead to unauthorized access to sensitive data. The flaw, if exploited, could allow malicious actors to gain access to confidential information stored within the platform, posing a significant risk to organizations relying on ServiceNow for their day-to-day operations.

Enumerated, a cybersecurity firm, was among the first to identify and report the flaw. They disclosed that the issue stemmed from a misconfiguration in ServiceNow's security settings, leaving a gap that could be exploited by cybercriminals. This revelation has prompted immediate action from ServiceNow, as they work tirelessly to rectify the situation and implement robust security measures.

Salesforce, a leading cloud-based customer relationship management platform, was also mentioned in connection with the data exposure issue. While the exact nature of the link between Salesforce and ServiceNow remains unclear, experts speculate that this incident might highlight a broader concern regarding the security of cloud-based platforms and the need for enhanced vigilance in safeguarding sensitive data.

The cybersecurity community, along with industry experts, has been vocal about the importance of regular security audits and assessments for cloud-based platforms. This incident serves as a stark reminder of the potential risks associated with relying on third-party providers for critical business functions.

As the investigation into this data exposure flaw continues, organizations using ServiceNow are advised to review their security protocols and take immediate steps to mitigate potential risks. This includes ensuring that access controls and permissions are configured correctly and conducting thorough vulnerability assessments to identify and address any potential security gaps.

The ServiceNow data exposure vulnerability highlights how important it is for cloud-based platforms to have strong cybersecurity safeguards. It acts as a wake-up call for businesses, encouraging them to give security first priority and take preventative measures to protect sensitive data in an increasingly linked digital world.

Microsoft: Disruptions in Outlook, Cloud Platform Services Were Caused by a Cyberattack


Earlier this June, some periodic but significant disruptions could be seen in Microsoft’s flagship office suite. That cyberattack disrupted services of Microsoft affiliated apps like Outlook email and OneDrive file sharing app along with cloud computing platform. After the attack was confirmed, an anonymous hacktivist seems to have taken the blame, claiming to have flooded the sites with traffic through their distributed denial-of-service (DDoS) attacks.

Microsoft was initially hesitant to admit that DDoS attacks by the murky upstart were to blame, but has since admitted that this was the case.

Although, they did not immediately confirm the number of customers affected by the attack or whether it had any global impact, Microsoft has now provided certain details on the matter.

A Microsoft spokesperson stated that the threat group behind the attacks has confirmed to have been ‘Anonymous Sudan.’ At the time, it took ownership of the situation via its Telegram social media channel. Some cybersecurity experts think the group is based in Russia.

On Friday, an explanation on the matter by Microsoft was published in a blog post following a request from The Associated Press made two days prior. The post, which was sparse on data, stated that the attacks "temporarily impacted availability" of some services. According to the report, the attackers targeted "disruption and publicity" and used probable rented cloud infrastructure and virtual private networks to flood Microsoft servers with attacks from so-called botnets of zombie machines spread around the world.

According to Microsoft, there is no proof that any customer information was accessed or compromised.

In regards to the severity of attacks, Jake Williams, a prominent cybersecurity researcher and a former NSA offensive hacker says “We really have no way to measure the impact if Microsoft doesn’t provide that info.” William added he was unaware of Outlook being attacked previously at this scale.

“We know some resources were inaccessible for some, but not others. This often happens with DDoS of globally distributed systems,” Williams added. “Microsoft’s apparent unwillingness to provide an objective measure of customer impact probably speaks to the magnitude,” he said.

While DDoS attacks do not come under the severity radar in cyber activities since they only make websites inaccessible without even penetrating them, security professionals believe that they can however disrupt the operations of several million of online users if they are successful in exploiting services of software service giants, like Microsoft, since a large chunk of global commerce rely on such organizations.

Security Flaw in AWS S3 Possess Security Threat for Business Organizations

 

New security flaws have emerged in the AWS’ Amazon Simple Storage Service (S3) buckets which are now exposed via additional channels and APIs, which create new security loopholes allowing hackers to exploit. 

The flaw in cloud platforms has given threat actors an opportunity to steal data from various organizations. Several industries such as finance, fintech, retail, manufacturing, enterprise software, and more, have failed to implement the most efficient threat detection tools to ensure their data is properly secured in the cloud. The companies are essentially blind when it comes to files that originate from external sources, internal company assets, etc. 

In each scenario, the blend of file types may vary depending on the business, but most files fall under the high-risk category and should be properly examined. Content-borne risks include malware, ransomware, APTs, embedded malicious links, evasion attempts, and more which are well hidden in different file types including Word (.doc, .docm, .docx), Excel (.xls, .xlsx, .xlsm, etc.), PowerPoint (.ppt, .pptx, .pptm), Adobe (.pdf), archive files, text files, executables, and even email (.eml) files. 

Maor Hizkiev, CTO and co-founder of BitDam notes that the average office worker now spends up to 80% of their time collaborating with their managers and colleagues using collaboration tools such as instant messaging, Dropbox, Google Drive, or OneDrive, however, many collaboration tools lack adequate security.

Hence, modern threat detection tools are required to detect the threats and mitigate them quickly. Threat detection tools must be able to scan 100 percent of files dynamically and in a matter of seconds and should deliver high detection rates and low false positives. 

Previously, sandbox technology was used to scan the files but due to its slow nature companies were forced to be selective concerning which files to scan. This increases the risk for the infiltration of malicious content, and this is what attackers are exploiting. 

Security Recommendations 

Security analysts have advised organizations and business application providers to remain vigilant regarding their security and realize that S3 bucket security is a blind spot due to the changing use cases and data workflows. Meanwhile, they should also upgrade their threat detection tools.

Organizations should adopt the cloud-native solution which can easily scan 100 percent of their S3 content in seconds – both files and URLs at the CPU level. The cloud-native solution detects security loopholes by scanning the entire execution flow to identify malicious activity. Another important element that companies should consider is access to an incident response team. Organizations must be vigilant while selecting the right service for comprehensive S3 bucket protection at the speed and scale of their business.