Welcome, and thanks for reading. In our second issue, we explore the data security impact of two newly discovered vulnerabilities and review recent data breaches in AWS and Azure. If you have feedback or suggestions, send a note to email@example.com.
March 3, 2022
In February, a high-severity privilege escalation vulnerability in the Linux kernel, CVE-2022-0492, was disclosed. Researchers at Palo Alto Networks' Unit 42 showed how it can be used to escape containers. Control groups (cgroups) are a kernel feature for allocating and limiting resources; in cgroups v1, each hierarchy has a release_agent file naming a binary that the kernel runs, with full root privileges in the host's namespaces, whenever a cgroup becomes empty and notify_on_release is set. The bug is that the kernel only checked write permission on the release_agent file, not that the writing process held CAP_SYS_ADMIN in the root user namespace. A process that could mount a cgroup filesystem (for example, after creating a new user and cgroup namespace) could therefore set the agent to a path of its choosing and have the host run it. Whether a given container can do this depends on its configuration: a seccomp profile that blocks unshare or mount, AppArmor or SELinux confinement, or a kernel that forbids unprivileged user namespaces all stop the known paths. Where those protections are absent, the vulnerability yields root on the host.
Data Security Perspective: All Linux users should upgrade to a patched kernel as soon as their distribution ships one. An attacker who exploits this vulnerability from inside a container gains root on the host, with access to every other container's data, the ability to gather system information, and a foothold for persistence. Beyond patching, users should follow container hardening practice: keep Linux security modules such as seccomp, SELinux, and AppArmor enabled, do not run containers as privileged, and do not grant CAP_SYS_ADMIN. Because the flaw is in the kernel itself, every distribution is affected and users should follow their distro's security advisories. Kubernetes does not apply a seccomp profile to pods by default, so users of AWS, GCP, and other Kubernetes platforms should set one explicitly (RuntimeDefault) to restrict container privileges.
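The hardening advice above can be checked mechanically. The following is an added example, not code from Open Raven, Unit 42 or the Kubernetes project: a small audit of a parsed Pod manifest that flags the settings which leave a cgroup release_agent escape reachable (no seccomp profile, CAP_SYS_ADMIN, privileged mode, permitted privilege escalation). The two manifests are constructed for the example; the field names are the real Kubernetes PodSpec and SecurityContext fields.

```python
"""Audit a parsed Kubernetes Pod manifest for the settings that leave a
cgroup release_agent escape (CVE-2022-0492) reachable: no seccomp profile,
privileged mode, CAP_SYS_ADMIN, or permitted privilege escalation.

Added example for this newsletter; not Open Raven, Unit 42 or Kubernetes code.
Field names are the real PodSpec / SecurityContext fields; the sample
manifests are constructed."""

from typing import Any, Dict, List, Set


def _seccomp_type(pod_sc: Dict[str, Any], ctr_sc: Dict[str, Any]) -> str:
    """A container-level seccompProfile overrides the pod-level one; with
    neither set the container runs Unconfined (absent a kubelet default)."""
    profile = ctr_sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
    return profile.get("type", "Unconfined")


def _added_caps(ctr_sc: Dict[str, Any]) -> Set[str]:
    """Normalise capabilities.add so 'SYS_ADMIN' and 'CAP_SYS_ADMIN' compare equal."""
    caps = ctr_sc.get("capabilities") or {}
    names = set()
    for cap in caps.get("add") or []:
        cap = cap.upper()
        names.add(cap[4:] if cap.startswith("CAP_") else cap)
    return names


def audit_pod(pod: Dict[str, Any]) -> List[str]:
    """One finding per weakness across containers and initContainers;
    an empty list means the mitigations the advisory relies on are in place."""
    findings: List[str] = []
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    for ctr in (spec.get("containers") or []) + (spec.get("initContainers") or []):
        name = ctr.get("name", "<unnamed>")
        sc = ctr.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}: privileged=true removes every runtime restriction")
        if _seccomp_type(pod_sc, sc) == "Unconfined":
            findings.append(f"{name}: no seccomp profile; unshare/mount are unrestricted")
        added = _added_caps(sc)
        if "SYS_ADMIN" in added or "ALL" in added:
            findings.append(f"{name}: CAP_SYS_ADMIN permits mounting cgroupfs directly")
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{name}: allowPrivilegeEscalation is not false")
    return findings


# Constructed manifests: a worker that needs 'just one capability' versus the
# same pod with the restrictions that block the known escape paths.
WEAK_POD: Dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "batch-worker"},
    "spec": {"containers": [{
        "name": "worker", "image": "example.com/worker:1.0",
        "securityContext": {"capabilities": {"add": ["SYS_ADMIN"]}},
    }]},
}

HARDENED_POD: Dict[str, Any] = {
    "apiVersion": "v1", "kind": "Pod", "metadata": {"name": "batch-worker"},
    "spec": {
        "securityContext": {"runAsNonRoot": True,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "containers": [{
            "name": "worker", "image": "example.com/worker:1.0",
            "securityContext": {"allowPrivilegeEscalation": False,
                                "capabilities": {"drop": ["ALL"]}},
        }],
    },
}

if __name__ == "__main__":
    for label, pod in (("weak", WEAK_POD), ("hardened", HARDENED_POD)):
        print(label, audit_pod(pod) or ["no findings"])
```

On a 2022-era cluster a pod with no seccompProfile runs Unconfined unless the kubelet's SeccompDefault feature is enabled, which is why the check treats an absent profile as a finding. The equivalent controls for plain Docker are --security-opt seccomp, --cap-drop, and leaving the default AppArmor profile in place.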
March 7, 2022
Researchers at Orca Security disclosed a critical vulnerability in the Microsoft Azure Automation service. The flaw, named "AutoWarp," let a tenant's Automation job obtain Managed Identity tokens belonging to other customers' Automation accounts; a token carries whatever Azure roles that identity holds, so in many cases it granted full access to the victim's resources and data. Orca researcher Yanir Tsarimi found that the job sandbox could reach an internal identity endpoint on a local port, and with a simple Python script that made HTTP requests across a range of ports he retrieved tokens for other customers' accounts, including those of several large companies.
Data Security Perspective: AutoWarp shows that tenant isolation in a managed cloud service can fail, and that a leaked managed identity token is exactly as powerful as the roles assigned to that identity. An attacker holding such a token could take complete control of the affected resources and data and escalate from there. Microsoft patched the vulnerability and has not identified any token misuse. Azure Automation users should still follow Microsoft's hardening guidance for Automation accounts, in particular assigning a managed identity only the roles its runbooks need so that a stolen token is worth as little as possible.
February 21, 2022
The security team at SafetyDetectives discovered a breach affecting French fashion retailer Melijoe. Melijoe had a misconfigured S3 bucket that exposed roughly 200 GB of data. The data contained customer PII including addresses, birth dates, email addresses, gender, children's names, payment information, and past purchases. Melijoe uploaded data to the unsecured bucket from October 2016 until November 2021, when SafetyDetectives notified the company of the exposure.
Data Security Perspective: Misconfigured S3 buckets remain a common cause of data exposures. S3 buckets have no password; access is decided by the bucket policy, the bucket and object ACLs, and the Block Public Access settings at the bucket and account level, and Melijoe's bucket was configured so that anonymous requests succeeded. S3 users should turn on all four Block Public Access settings, avoid bucket policies or ACLs that grant access to every principal, and inventory their buckets regularly. The Open Raven Data Security Platform and Magpie, our open-source CSPM, can alert users to such misconfigurations and other security policy violations.
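A CSPM-style check for the condition behind this exposure, as an added example that is not Magpie or Open Raven code and not Melijoe's actual configuration: it takes a bucket policy, a bucket ACL and the Block Public Access settings in the shapes boto3 returns (get_bucket_policy, get_bucket_acl, get_public_access_block) and classifies what anonymous callers could do. No AWS call is made; the bucket name, account ID, policies and ACLs below are constructed.

```python
"""Classify an S3 bucket's exposure from its bucket policy, ACL and Block
Public Access settings, the three controls that decide whether a bucket
answers anonymous requests.

Added example for this newsletter; not Open Raven or Magpie code, and not
Melijoe's configuration. Inputs use the shapes boto3 returns from
get_bucket_policy, get_bucket_acl and get_public_access_block, but no AWS
call is made; the samples at the bottom are constructed."""

import json
from typing import Any, Dict, List, Tuple

# S3's predefined groups: AllUsers is anonymous, AuthenticatedUsers is any AWS account.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
BPA_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value: Any) -> List[Any]:
    """Policy JSON allows a string or a list in Statement/Action/Principal.AWS."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal: Any) -> bool:
    """Principal "*" or {"AWS": "*"} matches every caller, signed or not."""
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS")))


def public_policy_statements(policy_json: str) -> List[str]:
    """Labels of Allow statements open to every principal."""
    hits = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        if stmt.get("Effect") == "Allow" and _principal_is_public(stmt.get("Principal")):
            label = stmt.get("Sid") or ",".join(_as_list(stmt.get("Action")))
            # A Condition (e.g. aws:SourceVpce) may narrow the audience; keep the
            # finding but mark it so a reviewer looks at the condition keys.
            hits.append(label + (" [conditioned]" if stmt.get("Condition") else ""))
    return hits


def public_acl_grants(acl: Dict[str, Any]) -> List[str]:
    """Permissions granted to the AllUsers / AuthenticatedUsers groups."""
    hits = []
    for grant in acl.get("Grants") or []:
        grantee = grant.get("Grantee") or {}
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            hits.append(f"{grant.get('Permission')} to {grantee['URI'].rsplit('/', 1)[-1]}")
    return hits


def audit_bucket(policy_json: str, acl: Dict[str, Any],
                 bpa: Dict[str, bool]) -> List[Tuple[str, str]]:
    """(severity, message) pairs. EXPOSED: anonymous access works now.
    BLOCKED: a public grant exists but Block Public Access neutralises it.
    WEAK: a Block Public Access setting is off, so a future grant would take effect."""
    findings: List[Tuple[str, str]] = []
    for label in public_policy_statements(policy_json):
        sev = "BLOCKED" if bpa.get("RestrictPublicBuckets") else "EXPOSED"
        findings.append((sev, f"policy statement '{label}' allows any principal"))
    for grant in public_acl_grants(acl):
        sev = "BLOCKED" if bpa.get("IgnorePublicAcls") else "EXPOSED"
        findings.append((sev, f"ACL grants {grant}"))
    findings += [("WEAK", f"Block Public Access: {k} is off")
                 for k in BPA_SETTINGS if not bpa.get(k)]
    return findings


# Constructed inputs (fictional bucket and account).
EXPOSED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
    "Action": "s3:GetObject", "Resource": "arn:aws:s3:::retail-exports-example/*"}]})
PRIVATE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "ExportWriter", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/export-writer"},
    "Action": ["s3:PutObject", "s3:GetObject"],
    "Resource": "arn:aws:s3:::retail-exports-example/*"}]})
OWNER = {"Type": "CanonicalUser", "ID": "0123456789abcdef" * 4}
PUBLIC_ACL = {"Owner": OWNER, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
     "Permission": "READ"}]}
OWNER_ONLY_ACL = {"Owner": OWNER, "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
BPA_OFF = {k: False for k in BPA_SETTINGS}
BPA_ON = {k: True for k in BPA_SETTINGS}

if __name__ == "__main__":
    for sev, msg in audit_bucket(EXPOSED_POLICY, PUBLIC_ACL, BPA_OFF):
        print(f"{sev:8} {msg}")
```

Object ACLs are a fourth path (a single object can be public inside a bucket whose policy is private) and get_bucket_acl does not cover them; IgnorePublicAcls neutralises those as well, which is why all four settings belong on, and why the check reports a missing setting as WEAK even when nothing is public today.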
February 18, 2022
The Internet Society (ISOC), a non-profit organization, announced a data leak caused by a third-party vendor. Security researchers at Clario found the data in a misconfigured, publicly accessible Azure Blob Storage container holding members' PII, including addresses, email addresses, login credentials, and names. The Internet Society stated that it has no evidence of malicious actors accessing the information.
…that well-thought-out, well-maintained dataclasses are vital to any data classification software? Or that human data is among the hardest to match? In our latest article, Introduction to Regex Based Data Classification for the Cloud, you can learn everything you need to know about writing and maintaining dataclasses.