CP
cyberpings

Hybrid Clouds - Security Risks from Dual Attack Surfaces

Researchers have uncovered vulnerabilities in hybrid cloud management tools, highlighting significant security risks. Organizations using these tools must enhance their security measures to protect both on-prem and cloud resources.

Cloud SecurityMEDIUMUpdated: Published:
Featured image for Hybrid Clouds - Security Risks from Dual Attack Surfaces

Original Reporting

REThe Register Security

AI Summary

CyberPings AIΒ·Reviewed by Rohit Rana

🎯Basically, hybrid clouds can be attacked from both on-prem and cloud sides, so security needs to be better managed.

What Happened

Researchers from Cymulate presented at Black Hat Asia, revealing significant vulnerabilities in Microsoft's Windows Admin Center (WAC). They identified four CVEs that expose hybrid cloud management tools as dual attack surfaces. These flaws allow attackers to exploit on-prem resources to target cloud systems and vice versa.

The Flaw

The vulnerabilities stem from improper protections in WAC's directory and issues with how access tokens are validated. The directory where the on-prem version resides was not write-protected, enabling potential malware deployment. Additionally, the POP token used for resource management can be reused or forged, allowing unauthorized access to virtual machines.

Who's Affected

Organizations using hybrid cloud environments, particularly those leveraging Microsoft's WAC, are at risk. The researchers highlighted that many users may not be paying enough attention to these vulnerabilities, which could lead to significant security breaches.

What Data Was Exposed

While the vulnerabilities have been patched, the potential for exploitation remains a concern. The most severe CVE has a CVSS score of 7.8, indicating a high severity level. Although there is no evidence of active exploitation, the implications for data security are serious.

What You Should Do

Organizations should treat their hybrid management plane as a critical attack surface. Here are some recommended actions:

Immediate

  • 1.Monitor both cloud and on-prem systems closely to detect any unusual activity.
  • 2.Review access controls for identities operating between on-prem and cloud resources.

Conclusion

The findings from Cymulate serve as a wake-up call for organizations utilizing hybrid cloud solutions. As the landscape of cybersecurity continues to evolve, understanding and mitigating risks associated with dual attack surfaces is essential for maintaining security integrity.

πŸ”’ Pro Insight

πŸ”’ Pro insight: The identified CVEs underscore the necessity for comprehensive monitoring and security practices in hybrid cloud environments to prevent cross-surface attacks.

REThe Register Security
Read Original

Share

Related Pings

Preview image for Malicious KICS Docker Images Target Checkmarx Supply Chain, Credential Theft Confirmed
Cloud Security
HIGH

Malicious KICS Docker Images Target Checkmarx Supply Chain, Credential Theft Confirmed

A major supply chain attack has compromised Checkmarx's KICS Docker images and VS Code extensions, leading to credential theft and unauthorized data exfiltration. Organizations are urged to take immediate action to secure their systems.

THThe Hacker News+1 more
Read PingRead Source
Preview image for SBOMs Failing - Supply Chain Attacks Surge Amid Confusion
Cloud Security
HIGH

SBOMs Failing - Supply Chain Attacks Surge Amid Confusion

Despite the introduction of SBOMs and VEX, supply chain attacks are increasing. Organizations struggle with interpreting data, leading to vulnerabilities. A governance-driven approach is essential for better decision-making.

SWSecurityWeek
Read PingRead Source
Preview image for Microsoft Cloud Print Issues - Traced to Graph API Code Change
Cloud Security
HIGH

Microsoft Cloud Print Issues - Traced to Graph API Code Change

Microsoft has identified ongoing issues with Universal Print due to a recent Graph API code change. Users are experiencing share creation errors. Affected users can follow provided workarounds until a fix is deployed.

BCBleepingComputer
Read PingRead Source
Preview image for Software Bill of Materials - Explained for Developers
Cloud Security
HIGH

Software Bill of Materials - Explained for Developers

A Software Bill of Materials (SBOM) is essential for tracking software components and enhancing security. It helps developers manage risks in their software supply chains. Understanding SBOMs is increasingly vital as regulations emerge.

CSCSO Online
Read PingRead Source
Preview image for Cloudflare's Agent Lee - New AI Assistant Simplifies Management
Cloud Security
MEDIUM

Cloudflare's Agent Lee - New AI Assistant Simplifies Management

Cloudflare has launched Agent Lee, an AI assistant that simplifies account management. It helps users troubleshoot issues and manage resources through natural language prompts, enhancing overall efficiency. This innovative tool is currently in beta, serving thousands of users daily.

CFCloudflare Blog
Read PingRead Source
Preview image for Fortinet Architect Warns of OT Cloud Convergence Risk
Cloud Security
HIGH

Fortinet Architect Warns of OT Cloud Convergence Risk

Fortinet's Robert Imhof warns about the risks of OT and cloud convergence. This creates vulnerabilities in critical infrastructure. Unified security measures are essential to mitigate these risks.

SCSC Media
Read PingRead Source