Jay Taylor's notes

AttachMe: critical OCI vulnerability allows unauthorized access to customer cloud storage volumes | Wiz Blog

Original source (www.wiz.io)
Tags: cloud cloud-computing storage vulnerabilities oracle bola broken-object-level-authorization oracle-cloud-infrastructure wiz www.wiz.io
Clipped on: 2022-09-21

Before it was patched, #AttachMe could have allowed attackers to access and modify any other users' OCI storage volumes without authorization, thereby violating cloud isolation. Upon disclosure, the vulnerability was fixed within hours by Oracle. No customer action was required.

Today, the security community enforces no clear process for handling cloud vulnerabilities. Cloud vulnerabilities are not issued CVEs, so they are very hard for customers to track. Recently, researchers from Wiz along with other cloud security community members initiated the Open Cloud Vulnerability & Security Issue Database to help cloud users and defenders monitor and track cloud vulnerabilities. If you are interested in contributing, you can check out the OpenCVDB GitHub.
