Cloud Security Breach Raises Alarms Among Experts
Recent revelations of a significant data breach have sparked serious concerns regarding the integrity of cloud security frameworks. Security professionals contend that this incident challenges the foundational promise of cloud services—that of tenant isolation and breach containment. “Cloud customers were engaged on a bedrock security promise: tenant isolation and segregation contain breaches,” stated Sunil Varkey, an advisor at Beagle Security. He noted that a single breach led to the exposure of approximately 6 million records spanning 140,000 clients, with the provider reportedly unaware of the vulnerability until it was too late, thus undermining the perceived security landscape.
Varkey elaborated on the implications of the breach, describing a “watering hole” effect. He explained: “A breached SSO endpoint with a master key isn’t just a data grab; it’s a perfect watering hole. Every tenant logging in, from global enterprises to SMBs, becomes prey. The hacker doesn’t chase them; they come to the trap.” This highlights how a compromised access point can place an entire ecosystem of clients at risk, turning individual users into unwitting targets.
The breach was initially reported by CloudSEK, a notable threat intelligence organization, which uncovered that a hacker was marketing the stolen six million records. The compromised data reportedly originated from Oracle Cloud’s Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) systems. Security analysts have traced the breach back to CVE-2021-35587, a vulnerability previously identified in Oracle Access Manager. This flaw had earlier been flagged by the Cybersecurity and Infrastructure Security Agency (CISA) as an exploited weakness, raising further alarms regarding the need for robust security measures within cloud services.
This incident serves as a stark reminder of the vulnerabilities that can exist within cloud environments, even at established companies. As businesses increasingly rely on cloud infrastructure for their operations and sensitive data storage, the need for vigilant security practices has never been more pronounced.
Source: www.csoonline.com