GCP reports 3 Vulnerabilities

February 2, 2022
  • Google Cloud have reported that 3 security vulnerabilities have been discovered in the Linux kernel, each of which can lead to either a container breakout, privilege escalation on the host, or both.Google have shared that these vulnerabilities affect all GKE node operating systems and Anthos clusters on VMware node operating systems (COS and Ubuntu). Pods using GKE Sandbox are not vulnerable to these vulnerabilities. You can find out more about it here.
  • As a Cloud Security Enthusiasts, we often hear about misconfigurations being at the centre of many breaches and vulnerabilities found. This week safety detectives uncovered and reported on a misconfigured AWS S3 bucket that exposed over 1 million files – “The data we observed related to airport employees from different sites across Colombia and Peru, and there could be entities from other nations with exposed data on the bucket.” “The Amazon S3 bucket was left open and accessible, without any authentication procedures in place and exposed almost 1.5 million files, equating to about 3TB of data. This once again brings attention to the value of probably configured cloud infrastructure to secure sensitive data and access. The full report can be viewed here.
  • Most of us are familiar with Salesforce, a popular American cloud-based software company headquartered in San Francisco. As of February 1, 2022, Salesforce now requires all customers to use  multi-factor authentication  MFA in order to access Salesforce products. Salesforce has implemented this change noting that “As the global threat landscape evolves, it’s important to understand that the types of attacks that can cripple businesses and exploit consumers are on the rise. As businesses transition to remote work environments, it’s more important than ever to implement stronger security measures. A key part of a security strategy is safeguarding access to user accounts. That’s where MFA comes in. It’s one of the simplest, most effective ways to prevent unauthorized account access and safeguard your data and your customers’ data. Let us know what you think of this change and more on this can be found here.
  • Its always interesting to know where the world of Cloud and Cloud security is headed in the future. A recent report from markets and markets has shared that the “global cloud security market size is expected to grow from USD 40.8 billion in 2021 to USD 77.5 billion by 2026”. They highlighted that the major factors fueling the cloud security market include growing sophistication of cybercrimes, cyber espionage campaigns, and generation of new cyberattacks, upthrust in the use of cloud-based solutions and upsurge in bring your own device trends to boost the demand for cloud security. They also shared the impacts of Covid 19 on Cloud Security – accelerated digital transformation due to increased need for remote work has increased need for Cloud computing, increase email phishing as scammers use Covid-19 as a lure, You can find out more here
  • If you like staying in the know of upcoming cloud security startups and initiatives, this is one for you. Cloud security and compliance automation startup Anitian this week closed a $55 million Series B funding bringing their funding to date to $71 million. In a company blog CEO, ​​Rakesh Narasimhan shared that the new funding is a significant milestone in accelerating their mission to provide the most innovative cloud security, compliance automation, and cloud security posture management (CSPM) platforms that enable enterprises of all sizes with the fastest path to security and compliance in the cloud. You can find out more about them here.
  • In other news Check Point has acquired Spectral, an Israeli startup who have developer-first security tools designed by developers for developers. With this acquisition, Check Point extends its cloud solution, Check Point CloudGuard, with developer-first security platform, to provide a range of cloud application security use cases including Infrastructure as Code (IaC) scanning and hardcoded secrets detection. Find out more here.

Recommend a topic

Partner with us

Join the team

Enjoying our content? Don't forget to subscribe!