Source |
CSO |
Identifiant |
6900296 |
Date de publication |
2022-09-14 14:52:00 (vue: 2022-09-15 03:05:44) |
Titre |
Excess privilege in the cloud is a universal security problem, IBM says (Recyclage) |
Texte |
Excess privilege granted to cloud identities is a key component in 99% of all security tests performed by IBM's X-Force Red penetration testing team, according to a report released Wednesday by the company.Both human users and service accounts were consistently found to have more access rights and privileges than they generally need, which makes exploiting a successful breach in a cloud system much easier than it would otherwise be, the report said.“This setup enabled attackers who managed to get a foothold in the environment to pivot and move laterally to exploit additional cloud components or assets,” according to the report.That's bad news for the cloud sector, which also saw a 200% increase in the number of compromised accounts being sold on the dark web, and an increase in the average severity score of vulnerabilities found in cloud systems, IBM said. That severity score, which is based on CVSS, rose to an average of 18 in the latest report, up from 15 ten years ago.To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
200 access according accounts additional ago all also article assets attackers average bad based being both breach click cloud company component components compromised consistently cvss dark easier enabled environment excess exploit exploiting foothold force found from full generally get granted have here human ibm identities increase key laterally latest makes managed more move much need news number otherwise penetration performed pivot please privilege privileges problem read red released report rights rose said saw says score sector security service setup severity sold successful system systems team ten testing tests than that universal users vulnerabilities web wednesday which who would years “this |
Tags |
|
Stories |
|
Notes |
|
Move |
|
Source |
CSO |
Identifiant |
6895707 |
Date de publication |
2022-09-14 14:52:00 (vue: 2022-09-14 22:05:44) |
Titre |
Excess privilege in the cloud is a universal problem, IBM says |
Texte |
Excess privilege granted to cloud identities is a key component in 99% of all security tests performed by IBM's X-Force Red penetration testing team, according to a report released Wednesday by the company.Both human users and service accounts were consistently found to have more access rights and privileges than they generally need, which makes exploiting a successful breach in a cloud system much easier than it would otherwise be, the report said.“This setup enabled attackers who managed to get a foothold in the environment to pivot and move laterally to exploit additional cloud components or assets,” according to the report.That's bad news for the cloud sector, which also saw a 200% increase in the number of compromised accounts being sold on the dark web, and an increase in the average severity score of vulnerabilities found in cloud systems, IBM said. That severity score, which is based on CVSS, rose to an average of 18 in the latest report, up from 15 ten years ago.To read this article in full, please click here |
Envoyé |
Oui |
Condensat |
200 access according accounts additional ago all also article assets attackers average bad based being both breach click cloud company component components compromised consistently cvss dark easier enabled environment excess exploit exploiting foothold force found from full generally get granted have here human ibm identities increase key laterally latest makes managed more move much need news number otherwise penetration performed pivot please privilege privileges problem read red released report rights rose said saw says score sector security service setup severity sold successful system systems team ten testing tests than that universal users vulnerabilities web wednesday which who would years “this |
Tags |
|
Stories |
|
Notes |
|
Move |
|