Thursday 15 October 2020

Palo Alto Networks Exposes Multi-Million-Dollar Cloud Misconfigurations

Today is October 9, 2020, and this is the SDxCentral Weekly Wrap, where we cover the week’s top stories on next-generation IT infrastructure. Palo Alto Networks’ Unit 42 threat hunting team discovered two critical Amazon cloud misconfigurations in a customer deployment that, if exploited, could have cost the customer tens of millions of dollars.

The misconfigurations were found during a Unit 42 red team exercise on a client’s deployment. They discovered that the customer had made two critical Amazon misconfigurations specific to identity that could have led to a multi-million-dollar data breach.

Unit 42 then used that insight to mine public data from the GitHub repository, where it found thousands of accounts that were also susceptible to similar identity misconfigurations. Exploitation of those flaws would have allowed an attacker to launch denial-of-service, ransomware, and advanced persistent threat attacks against those accounts.

The research group was also able to move laterally without privilege by exploiting a misconfigured identity role related to flow-log management. They then escalated their privileges to gain administrative access to the entire cloud environment.

This allowed them to create new Amazon Elastic Compute Cloud and Relational Database Service instances and modify user and policy permissions. Attackers could then exploit this misconfiguration to steal sensitive data, wipe out infrastructure, or lock down an operation with ransomware. Unit 42 did note that the flaws were not exploited, and it was able to work with its clients to secure the cloud deployments.

Nvidia launched a new line of data processing units and a data center architecture targeted at gaining a dominant position in the lucrative data center space. The new DPU is designed to take on hypervisor functionality that currently runs in the CPU. This allows the CPU to focus on running applications and isolates a compromised host from the security layer in the event of a security breach. The DPUs are built on technology acquired from Mellanox, which Nvidia purchased last year for $6.9 billion. Mellanox announced a version of that platform earlier this year before that deal closed.
