• Latest
  • Trending
7 Cloud Vulnerabilities Endangering Your Data!

7 Cloud Vulnerabilities Endangering Your Data!

December 13, 2021
Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

May 20, 2022
HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

May 20, 2022
Android 13 beta will test out-of-the-box support for most braille displays

Android 13 beta will test out-of-the-box support for most braille displays

May 20, 2022
WhatsApp to Launch Cloud-Based Tools, Premium Features for Businesses

WhatsApp to Launch Cloud-Based Tools, Premium Features for Businesses

May 20, 2022
Huawei and SolarEdge Sign a Global Patent License Agreement

Huawei and SolarEdge Sign a Global Patent License Agreement

May 20, 2022
Dijbouti Telecom Welcomes the Landing of 2Africa Submarine Cable

Dijbouti Telecom Welcomes the Landing of 2Africa Submarine Cable

May 20, 2022
Ghana Smart Africa Digital Academy launches its national digital academy

Ghana Smart Africa Digital Academy launches its national digital academy

May 20, 2022
Ghana’s Rural Telecom Facilities to be Upgraded to 4G

Ghana’s Rural Telecom Facilities to be Upgraded to 4G

May 20, 2022
Silicon Power Announces UD90 PCIe 4.0 SSD

Silicon Power Announces UD90 PCIe 4.0 SSD

May 20, 2022
ZADAK Announces TWSG4S PCIe Gen4 x4 SSD

ZADAK Announces TWSG4S PCIe Gen4 x4 SSD

May 20, 2022
Samsung Sampling 512GB CXL Memory Module

Samsung Sampling 512GB CXL Memory Module

May 20, 2022
IBM Elastic Storage System 3500

IBM Elastic Storage System 3500

May 20, 2022
  • Consumer Watch
  • Kids Page
  • Directory
  • Events
  • Reviews
Sunday, 22 May, 2022
  • Login
itechnewsonline.com
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion
Subscription
Advertise
No Result
View All Result
itechnewsonline.com
No Result
View All Result

7 Cloud Vulnerabilities Endangering Your Data!

by ITECHNEWS
December 13, 2021
in Opinion
0 0
0
7 Cloud Vulnerabilities Endangering Your Data!

Organizations globally use cloud services for cloud-native development, data analytics, machine learning and application migration among many other things. While data storage and management have never been easier, cloud vulnerabilities have become a huge threat to data security. 

According to an article by HelpNetSecurity, 93% of businesses have serious concerns about public cloud security.  

YOU MAY ALSO LIKE

How to Think about Threat Detection in the Cloud

The Current Status and the Future of the .Net Framework

The VAPT team of Kratikal, a CERT-In-empanelled security auditor, has conducted cloud security assessments for numerous organizations around the globe. Here is a list of the top 7 critical cloud vulnerabilities we found. 

#1  Lack of Multi-factor Authentication for Privileged Users

One of the most common cloud vulnerabilities is the lack of multi-factor authentication (MFA) for users who are assigned to privileged administrative roles in control. For any kind of cloud environment, access of privileged users must be as protected as possible. Neglecting to enable a security measure as basic as MFA can result in grave consequences for an organization.

Without multi-factor authentication, it makes it very easy for malicious actors to compromise privileged accounts. The lack of MFA also leaves these accounts susceptible to brute force attacks. As these accounts often have elevated administrator permissions, they can be used by hackers to completely disrupt an organization’s operations and steal its data. 

#2 No Multi-factor Authentication to Join Devices

In many cases, cloud environments lack multi-factor authentication (MFA) when new devices are added. This can prove to be a huge threat to cloud security. Enabling MFA for joining devices prevents any rogue devices from being registered by compromised user accounts. MFA works by asking for any two or more of the verification methods mentioned below:

  • A password or PIN
  • A trusted device that can’t be easily duplicated such as a phone
  • Biometrics like a fingerprint

When you enable MFA, users need to provide at least two forms of credentials to add a device, making sure that only legitimate users are allowed to do so.

#3 Open S3 Bucket 

According to an article by Soc Investigation, S3 bucket misconfigurations are the reason behind 16% of all cloud security breaches. Standing for a simple storage service, S3 is AWS’s cloud storage service. 

It allows you to store, access, retrieve and back up as much data as you want anytime, anywhere. According to research, approximately 1 in 6 of the 12,328 identified buckets were openly accessible to anyone that’s interested. 

Without appropriate protection, any information stored in an open S3 bucket can be easily browsed by various scripts and other tools. Open S3 buckets can cause severe data breaches and lead to the exposure of highly sensitive data. 

In 2018, a misconfigured S3 bucket caused the leakage of 48 million records accumulated by a private data analytics firm! 

#4 Incomplete Data Deletion

Data deletion is something that should be done very carefully. Threats related to data deletion usually exist because you don’t have full visibility into where your data is physically stored in the cloud. This reduces your ability to verify whether or not your data has been securely deleted. 

The risk is especially concerning in a multi-tenant cloud environment, where your data is spread across an array of different storage devices within the cloud infrastructure.

Moreover, every cloud service provider has its own data deletion procedures. In such cases, it can become difficult for organizations to make sure that the remnants of their data do not fall into the wrong hands. This can pose huge data security and privacy risk, endangering the integrity and safety of your valuable data. 

#5 Lambda Command Injection

Lambda function, an AWS serverless computing service, executes code as and when needed. Once the code has been executed, the computing instance responsible for the execution decommissions itself. While serverless computing is significantly more secure, there are still some security threats.

In the case of serverless computing services like Lambda, OS Command Injection comes under the category of Data Event Injections. Lambda command injection passes an unexpected event in the form of a request with special strings to the vulnerable function that gets evaluated and interpreted to OS-level operations. Your data is at serious risk if your cloud service is left vulnerable to Lambda Command Injection. 

#6 Insecure APIs

Application user interfaces (APIs) are widely used to streamline cloud computing. APIs not only enhance the convenience and boost efficiency but also make it very easy to share information between multiple applications. However, when left insecure, they can be a source of numerous cloud vulnerabilities and serve as a very easy point of attack for malicious actors.

By exploiting insecure APIs, threat actors can easily launch DDoS attacks and gain access to sensitive enterprise data while staying undetected. In fact, according to research conducted by Gartner, API abuses are expected to become the most commonly used attack vector by 2022. 

#7 Failure of Separation Among Multiple Tenants

The failure to maintain fool-proof separation between tenants in a cloud environment that supports multi-tenancy can prove to be one of the gravest cloud vulnerabilities. Malicious actors can easily take advantage of this failure to gain access to an organization’s assets or data through another user’s resource. 

Multi-tenancy, when handled improperly, can increase the attack surface and lead to data leakage if its separation controls fail. This vulnerability, if not mitigated at once, can seriously endanger an organization’s data security and privacy. 

These are just some of the many vulnerabilities haunting cloud environments worldwide. While moving to the cloud has become important to survive in today’s digitized world, failure to take the necessary precautions is nothing short of reckless endangerment.

One of the best ways to stay ahead of this threat is by conducting regular cloud penetration testing and mitigating all the detected vulnerabilities on priority. It’s always a wise choice to identify all the weaknesses in your cloud environment before threat actors can exploit them. 

By Security Boulevard

ShareTweetShare

Get real time update about this post categories directly on your device, subscribe now.

Unsubscribe

Search

No Result
View All Result

Recent News

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

May 20, 2022
HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

May 20, 2022
Android 13 beta will test out-of-the-box support for most braille displays

Android 13 beta will test out-of-the-box support for most braille displays

May 20, 2022

About What We Do

itechnewsonline.com

We bring you the best Premium Tech News.

Recent News With Image

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1

May 20, 2022
HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs

May 20, 2022

Recent News

  • Qualcomm Announces Snapdragon 8+ Gen 1 and Snapdragon 7 Gen 1 May 20, 2022
  • HP’s premium laptop revamp: more OLED displays, 12th-gen Intel CPUs May 20, 2022
  • Android 13 beta will test out-of-the-box support for most braille displays May 20, 2022
  • WhatsApp to Launch Cloud-Based Tools, Premium Features for Businesses May 20, 2022
  • Home
  • InfoSec
  • Opinion
  • Africa Tech
  • Data Storage

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

No Result
View All Result
  • Home
  • Tech
  • Africa Tech
  • InfoSEC
  • Data Science
  • Data Storage
  • Business
  • Opinion

© 2021 iTechNewsOnline.Com - Powered by BackUpDataSystems

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?
Go to mobile version