Tag
Google Cloud Platform (GKE containerd): Multiple Vulnerabilities
3 rules, 5 TTPs
An authenticated remote attacker can exploit multiple vulnerabilities in Google Cloud Platform, specifically within GKE containerd, to achieve arbitrary code execution, bypass security measures, manipulate data, disclose confidential information, or cause a denial-of-service condition.
Google Workspace Custom Admin Role Created for Persistence
1 rule, 2 TTPs
Adversaries may create custom administrative roles in Google Workspace to establish persistence with tailored, elevated permissions, which are then assigned to compromised or attacker-controlled accounts to bypass security controls, grant OAuth access, or modify mail routing.
Google Workspace Admin Role Assigned to a User or Group
2 rules, 2 TTPs
Adversaries leverage the assignment of administrative roles within Google Workspace to an existing or new user/group, establishing persistence and escalating privileges to gain broad control over the tenant, including bypassing single sign-on.
Storm-2949 Abuses SSPR for Cloud-Wide Data Exfiltration
2 rules, 6 TTPs
Storm-2949 compromised cloud identities through social engineering and abused the Self-Service Password Reset (SSPR) process to bypass MFA and gain persistent access, enabling lateral movement and data exfiltration from Microsoft 365 and Azure environments.
Exploitable Misconfigurations in AI Applications on Kubernetes
2 rules, 4 TTPs
AI applications deployed on Kubernetes with exposed UIs and weak authentication can lead to remote code execution, credential theft, and access to sensitive data, as observed in MCP servers, Mage AI, and kagent deployments.
Expanding Detection Beyond Endpoints to Counter Evolving Threats
3 rules, 6 TTPs
Threat actors are rapidly exfiltrating data by exploiting blind spots created by an over-reliance on endpoint data, necessitating a comprehensive security approach that incorporates cloud, identity, and network telemetry for effective threat detection and response.
Kyverno SSRF Vulnerability in CEL HTTP Library
2 rules, 3 TTPs, 1 CVE, 2 IOCs
A Server-Side Request Forgery (SSRF) vulnerability in Kyverno's CEL HTTP library allows users with namespace-scoped policy creation permissions to make arbitrary HTTP requests, enabling unauthorized access to internal services, cloud metadata endpoints, and data exfiltration.
CrowdStrike Falcon Cloud Security Advances CNAPP with Adversary-Informed Risk Prioritization
2 rules, 5 TTPs
CrowdStrike Falcon Cloud Security enhances its CNAPP capabilities, incorporating adversary intelligence to prioritize cloud risks based on threat actor behavior, particularly focusing on groups like LABYRINTH CHOLLIMA and SCATTERED SPIDER, to enable security teams to understand and remediate cloud exposures more effectively.
CrowdStrike CNAPP Enhancements Prioritize Risk Based on Adversary Behavior
2 rules, 8 TTPs
CrowdStrike's CNAPP enhancements prioritize cloud risk based on adversary behavior, correlating application insights with cloud infrastructure telemetry to identify and address critical exposures targeted by specific threat actors like LABYRINTH CHOLLIMA and SCATTERED SPIDER.
CrowdStrike CNAPP Adds Adversary-Informed Risk Prioritization
2 rules, 1 TTP
CrowdStrike's CNAPP enhancements prioritize cloud risks based on adversary behavior, application context, and configuration change tracking to reduce breach likelihood.
CrowdStrike CNAPP Enhanced with Adversary-Informed Risk Prioritization
2 rules, 3 TTPs
CrowdStrike enhances its CNAPP capabilities by incorporating adversary intelligence for improved risk prioritization, addressing limitations in infrastructure visibility, threat actor behavior analysis, and alert triage.
CrowdStrike CNAPP Enhanced with Adversary-Informed Risk Prioritization
2 rules, 2 TTPs
CrowdStrike has enhanced its CNAPP capabilities by adding application-layer visibility and prioritizing risks based on known adversary tactics, techniques, and procedures (TTPs).
CrowdStrike Falcon Cloud Security CNAPP with Adversary-Informed Risk Prioritization
2 rules, 3 TTPs
CrowdStrike Falcon Cloud Security enhances CNAPP capabilities with application-layer visibility and adversary-informed risk prioritization, enabling security teams to focus on attacker-aligned risks and known threat actors.
CrowdStrike Falcon Cloud Security CNAPP with Adversary-Informed Risk Prioritization
3 rules, 2 TTPs
CrowdStrike's new CNAPP capabilities in Falcon Cloud Security focus on adversary-informed risk prioritization by correlating application-layer visibility with threat actor profiles and techniques, enabling security teams to understand cloud risk, prioritize remediation, and accelerate response.
CISA Urges Securing Microsoft Intune Systems Following Stryker Breach
2 rules, 6 TTPs
CISA is urging US organizations to secure their Microsoft Intune systems due to a breach at Stryker, highlighting potential vulnerabilities in cloud-based device management that could lead to unauthorized access and control over managed devices.