Security researchers recently probed IBM Cloud’s database-as-a-service infrastructure and found several security issues that granted them access to the internal server used to build database images for customer deployments. The demonstrated attack highlights some common security oversights that can lead to supply chain compromises in cloud infrastructure.
Developed by researchers from security firm Wiz, the attack combined a privilege escalation vulnerability in the IBM Cloud Databases for PostgreSQL service with plaintext credentials scattered around the environment and overly permissive internal network access controls that allowed for lateral movement inside the infrastructure.
More Stories
Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you
A Canadian man lost a $100,000 cryptocurrency fortune - all because he did a careless Google search. Read more in...
Medusind Breach Exposes Sensitive Patient Data
The US medical billing firm is notifying over 360,000 customers that their personal, financial and medical data may have been...
Fake PoC Exploit Targets Security Researchers with Infostealer
Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data...
Smashing Security podcast #399: Honey in hot water, and reset your devices
Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the...
Space Bears ransomware: what you need to know
The Space Bears ransomware gang stands out from the crowd by presenting itself better than many legitimate companies, with corporate...