Sensitive data compromise could have been achieved through the exploitation of the recently patched Google Cloud Run privilege escalation flaw dubbed "ImageRunner," according to SecurityWeek.
Threat actors with specific permissions on targeted users' projects could leverage ImageRunner to modify and infiltrate the Cloud Run serverless platform to not only access proprietary images but also facilitate secret extraction and data exfiltration, said Tenable researchers, who discovered and reported the vulnerability. More technical information and procedures regarding its exploitation have also been provided by Tenable. Meanwhile, Google Cloud said the issue is completely remediated by an update released in late January. Such an update "ensures Cloud Run deployments now include an IAM check to ensure the deployer has read access to the container image. Previously, an explicit IAM permission was checked only when deploying a container image from another Google Cloud project," noted a Google Cloud spokesperson.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Organizations using Ivanti Connect Secure and Pulse Secure VPN systems have been urged to update their instances following a ninefold increase in suspicious IP scanning activity recorded on Apr. 18, The Register reports.
Security Affairs reports that cloud tenants in the education industry have been targeted by the Storm-1977 threat operation in password spraying attacks that facilitated cryptomining activities during the past 12 months.
