Artificial Intelligence | News | Insights | AiThority
[bsfp-cryptocurrency style=”widget-18″ align=”marquee” columns=”6″ coins=”selected” coins-count=”6″ coins-selected=”BTC,ETH,XRP,LTC,EOS,ADA,XLM,NEO,LTC,EOS,XEM,DASH,USDT,BNB,QTUM,XVG,ONT,ZEC,STEEM” currency=”USD” title=”Cryptocurrency Widget” show_title=”0″ icon=”” scheme=”light” bs-show-desktop=”1″ bs-show-tablet=”1″ bs-show-phone=”1″ custom-css-class=”” custom-id=”” css=”.vc_custom_1523079266073{margin-bottom: 0px !important;padding-top: 0px !important;padding-bottom: 0px !important;}”]

Dig Security Uncovers Vulnerability in GCP CloudSQL Service Exposing Provider and Customer Data, Remediates Issues

TechnologyCloudNews
By PRNewswire

Dig, the cloud data security leader,released new threat research highlighting the discovery of a critical vulnerability in the Google Cloud Platform (GCP) CloudSQL service. The vulnerability could have enabled a malicious actor to escalate from a basic CloudSQL user to a full-fledged sysadmin on a container, gaining access to internal GCP data like secrets, sensitive files, passwords, in addition to customer data.

Latest Insights: Why Only AI and Data Analytics Can Stop Financial Criminals

Dig’s research team identified the vulnerability through a gap in GCP’s security layer. This vulnerability enabled them to escalate initial privilege and add a user to the DbRootRole role, a GCP admin role. Another critical misconfiguration in the roles permissions architecture enabled Dig’s researchers to further escalate their privilege, eventually granting their user the sysadmin role. They bypassed the barrier and got full control on the SQL Server.

Assuming complete control on the database engine, Dig’s researchers gained access to the operating system hosting the database. At this point they could access sensitive files in the host OS, list files and sensitive paths, read passwords and extract secrets from the machine. The host also gained access to the underlying.

While the Dig research team got access to the operating system, they managed to find some of Google’s internal URLs related to the docker image repository. They were able to access the internal repo (which has since been fixed, and access is blocked from non internal IPs).

Related Posts

Lightning AI Raises $50Million to Simplify and Scale AI Development For Enterprises and Developers

Teach Mode Is Here: rabbit Gives Consumers Power to Create Custom AI Agents

Lumina AI Welcomes Jason Sultz to Advisory Board to Strengthen AI and Advanced Compute Expertise

1 of 40,672

AiThority: The 3 Building Blocks to Make AI Accessible

Upon discovering the vulnerabilities, Dig’s research team followed coordinated disclosure practices with Google, and all issues were remediated swiftly.

“Cloud data assets are the main target of today’s cyberattacks,” said Dan Benjamin, Co-Founder and CEO, Dig Security. “Data is the lifeblood of the modern enterprise, and GCP is one of the top public cloud providers. We chose to focus this threat research on CloudSQL because of its potential impact on customer data. We were proud to work closely with the Google team to patch the new security vulnerability swiftly and effectively.”

Read More: How ChatGPT Will Transform Customer Service

[To share your insights with us, please write to sghosh@martechseries.com]

PRNewswire

PR Newswire, a Cision company, is the premier global provider of multimedia platforms and distribution that marketers, corporate communicators, sustainability officers, public affairs and investor relations officers leverage to engage key audiences. Having pioneered the commercial news distribution industry over 60 years ago, PR Newswire today provides end-to-end solutions to produce, optimize and target content -- and then distribute and measure results. Combining the world's largest multi-channel, multi-cultural content distribution and optimization network with comprehensive workflow tools and platforms, PR Newswire powers the stories of organizations around the world. PR Newswire serves tens of thousands of clients from offices in the Americas, Europe, Middle East, Africa and Asia-Pacific regions.

You might also like More from author

Comments are closed.