Cloud Security
Misconfigured cloud registries expose millions of artifacts
Over 250 million artifacts and more than 65,000 container images have been discovered in thousands of misconfigured cloud software registries, according to SecurityWeek.
Organizations of all sizes worldwide, including ten Fortune 500 firms, owned the impacted registries, but only registries of five Fortune 500 companies had highly sensitive data, a report from Aqua Security revealed. One of the two misconfigured container image registries owned by an international tech firm enabled the download of artifacts, with threat actors obtaining an active API key for internal binary downloads.
"We later learned that this was a case of Shadow IT, where a developer with a side project opened an environment against policy and regulations without proper controls," said Aqua Security, which noted that the exposure had already been addressed by the tech company.
Researchers also noted a healthcare organization to have an exposed container image registry with PGP keys and staging environment, Stripe payment app key, and code access, which could have been targeted by state-sponsored or financial attackers.
An In-Depth Guide to Cloud Security
Get essential knowledge and practical strategies to fortify your cloud security.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds