
Latest news with #TenableResearch

Microsoft Issues Windows 10 And 11 Update As Attacks Already Underway

Forbes

2 days ago


Microsoft issues security update as Windows attacks begin.

Users of the Windows operating system, be that Windows 10, Windows 11 or any of the Windows Server variants, are used to reading Microsoft cyberattack warnings. Some warnings, however, are more critical than others. Whenever a Windows zero-day exploit is involved, you really need to start paying close attention. These are the vulnerabilities that have not only been found by threat actors, but have also been exploited and are already under attack by the time the vendor, in this case Microsoft, becomes aware of them. Microsoft, and by extension you, are then playing catch-up to get protected against the cyberattacks in question. Here's what you need to know about CVE-2025-33053 and what you need to do right now.

Don't wait, update Windows right now.

The June 10 Patch Tuesday security rollout has brought with it a few unwelcome surprises, as is often the case. None more so than CVE-2025-33053, which is not only a zero-day, in that it is already known to have been exploited by threat actors, but is also being leveraged widely in cyberattacks, and that's very worrying indeed for all Windows users. A Microsoft executive summary describes the threat from CVE-2025-33053 as 'external control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network.' Or, in other words, a remote code execution vulnerability that can do some very bad things indeed.

Tenable Research Special Operations has analyzed the threat, and Satnam Narang, the senior staff research engineer at Tenable, said it has been confirmed in a Check Point Research report that a known threat group, Stealth Falcon, has 'launched a social engineering campaign to convince targets to open a malicious .url file, which would then exploit this vulnerability, giving them the ability to execute code.'

That's problematical, as Narang explained: 'it is rare to hear of a zero-day reported during Patch Tuesday as being leveraged widely. We typically expect these types of zero-days to be used sparingly, with an intention to remain undetected for as long as possible.' All the more reason to get your systems updated as soon as possible. The attackers are not waiting, and neither should you.

'The advisory also has attack complexity as low,' Adam Barnett, lead software engineer at Rapid7, said, 'which means that exploitation does not require preparation of the target environment in any way that is beyond the attacker's control.' Indeed, exploitation just requires a user to click on a malicious link, oh what a surprise. 'It's not clear how an asset would be immediately vulnerable if the service isn't running,' Barnett concluded, adding 'but all versions of Windows receive a patch.' You know what to do, go and do it now.

Tenable reveals privilege risk in Google Cloud Composer flaw

Techday NZ

23-04-2025


Tenable Research has disclosed details of a privilege escalation vulnerability in Google Cloud Composer that could have enabled attackers to gain unauthorised access to critical cloud resources. The vulnerability, referred to as ConfusedComposer, was found to affect Google Cloud Composer environments by allowing users with limited permissions to exploit the integration between Composer and Google Cloud Build, Google's continuous integration and delivery service.

Tenable reported that attackers possessing edit permissions in Cloud Composer could take advantage of Composer's use of the default Cloud Build service account, which is configured with broad privileges across Google Cloud Platform (GCP) services. By injecting a malicious Python package during the installation process, attackers could escalate their privileges and assume the identity of the Cloud Build service account.

Once in control of this service account, a threat actor would have access to several critical GCP resources, including Cloud Build, Cloud Storage, and Artifact Registry. This access could be used to steal data, inject malicious code into software build pipelines, establish persistence through hidden backdoors, or escalate privileges further to potentially take full control of a GCP project.

ConfusedComposer is described as a variant of a previously discovered vulnerability known as ConfusedFunction, illustrating how the interconnected nature of cloud services can contribute to the development of new exploitation methods based on existing weaknesses. Tenable used the term "Jenga Concept" to describe this phenomenon, where security weaknesses in one cloud service layer can cascade into others because of intertwined dependencies.

"When you play the Jenga game, removing one block can make the whole tower unstable," said Liv Matan, Senior Security Researcher at Tenable. "Cloud services work the same way. If one layer has risky default settings, then that risk can spread to others, making security breaches more likely to happen."

The vulnerability has been addressed by Google, and no further action is required from users to mitigate the issue in existing environments. However, Tenable's findings highlight a broader concern for organisations relying on cloud service ecosystems comprised of stacked and interdependent services.

Tenable outlined specific impacts that could result from exploitation of ConfusedComposer. Potential consequences include theft of sensitive data, compromise of CI/CD pipelines, establishment of persistent unauthorised access methods, and total takeover of affected Google Cloud projects.

In terms of security best practices, Tenable recommended that organisations enforce the principle of least privilege to minimise unnecessary permission inheritance, map hidden service dependencies using tools such as Jenganizer, and conduct regular log reviews to identify suspicious access attempts.

"The discovery of ConfusedComposer highlights the need for security teams to uncover hidden cloud interactions and enforce strict privilege controls. As cloud environments become more complex, it's crucial to identify and address risks before attackers take advantage of them," added Matan.

The disclosure of ConfusedComposer draws attention to the increasing complexity and interconnectivity in cloud platform security, suggesting that teams must proactively assess potential privilege escalation paths and inherited risks in their cloud architectures.

Tenable research reveals popular AI tools used in cloud environments are highly vulnerable

Tahawul Tech

24-03-2025


Tenable®, the exposure management company, recently announced the release of its Cloud AI Risk Report 2025, which found that cloud-based AI is prone to avoidable toxic combinations that leave sensitive AI data and models vulnerable to manipulation, data tampering and data leakage.

Cloud and AI are undeniable game changers for businesses. However, both introduce complex cyber risks when combined. The Tenable Cloud AI Risk Report 2025 highlights the current state of security risks in cloud AI development tools and frameworks, and in AI services offered by the three major cloud providers—Amazon Web Services (AWS), Google Cloud Platform (GCP) and Microsoft Azure.

The key findings from the report include:

  • Cloud AI workloads aren't immune to vulnerabilities: Approximately 70% of cloud AI workloads contain at least one unremediated vulnerability. In particular, Tenable Research found CVE-2023-38545—a critical curl vulnerability—in 30% of cloud AI workloads.
  • Jenga®-style [1] cloud misconfigurations exist in managed AI services: 77% of organizations have the overprivileged default Compute Engine service account configured in Google Vertex AI Notebooks. This means all services built on this default Compute Engine are at risk.
  • AI training data is susceptible to data poisoning, threatening to skew model results: 14% of organisations using Amazon Bedrock do not explicitly block public access to at least one AI training bucket and 5% have at least one overly permissive bucket.
  • Amazon SageMaker notebook instances grant root access by default: As a result, 91% of Amazon SageMaker users have at least one notebook that, if compromised, could grant unauthorized access, which could result in the potential modification of all files on it.

'When we talk about AI usage in the cloud, more than sensitive data is on the line. If a threat actor manipulates the data or AI model, there can be catastrophic long-term consequences, such as compromised data integrity, compromised security of critical systems and degradation of customer trust', said Liat Hayun, VP of Research and Product Management, Cloud Security, Tenable. 'Cloud security measures must evolve to meet the new challenges of AI and find the delicate balance between protecting against complex attacks on AI data and enabling organisations to achieve responsible AI innovation'.

[1] The Jenga®-style concept, coined by Tenable, identifies the tendency of cloud providers to build one service on top of the other, with 'behind the scenes' building blocks inheriting risky defaults from one layer to the next. Such cloud misconfigurations, especially in AI environments, can have severe risk implications if exploited.
