
"The issue is not the applications themselves, but how they are often deployed and maintained in real-world cloud environments. Pentera Labs examined how training and demo applications are being used across cloud infrastructures and identified a recurring pattern: applications intended for isolated lab use were frequently found exposed to the public internet, running inside active cloud accounts, and connected to cloud identities with broader access than required."
"Pentera Labs research found that these applications were often deployed with default configurations, minimal isolation, and overly permissive cloud roles. The investigation uncovered that many of these exposed training environments were directly connected to active cloud identities and privileged roles, enabling attackers to move far beyond the vulnerable applications themselves and potentially into the customer's broader cloud infrastructure."
"In these scenarios, a single exposed training application can act as an initial foothold. Once attackers are able to leverage connected cloud identities and privileged roles, they are no longer constrained to the original application or host. Instead, they may gain the ability to interact with other resources within the same cloud environment, significantly increasing the scope and potential impact of the compromise."
Intentionally vulnerable training applications are frequently deployed with default configurations, minimal isolation, and overly permissive cloud roles inside active cloud accounts. Many of these instances are exposed to the public internet and attached to cloud identities with broader access than the application needs. In that configuration a single exposed training application serves as an initial foothold: an attacker who compromises it can use the attached identity and its privileged role to reach other resources in the same account, and this lateral movement significantly expands the scope and impact of the compromise. Pentera Labs verified nearly 2,000 live, exposed training application instances, close to 60% of them hosted on customer-managed AWS, Azure, or GCP infrastructure.
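To make the pattern concrete, the following is an added example, not code from Pentera Labs or The Hacker News. It audits a constructed inventory of lab hosts for the combination the research describes: internet exposure plus an attached cloud identity whose policy grants far more than the application needs. The role policies use the AWS IAM policy document format; the host names, addresses, policy contents and the `broad_grants` / `assess` helper names are all hypothetical. A permissive policy is shown beside a scoped replacement so the difference is visible. On AWS, the credentials of a role attached to an instance are retrievable from inside the host, which is why an application compromise on such a host becomes cloud access.

```python
import json
from dataclasses import dataclass, field
from typing import Optional

# Constructed IAM policy documents (hypothetical, not from any real account).
# The kind of "overly permissive" role policy the research describes.
PERMISSIVE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
    ],
}

# A least-privilege replacement: only what a lab app plausibly needs.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": "arn:aws:s3:::training-lab-assets/*",
        },
    ],
}


def _as_list(value):
    """IAM allows a string or a list in Statement/Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _read_only(action: str) -> bool:
    """Describe/Get/List actions on Resource '*' are common and usually harmless."""
    verb = action.split(":", 1)[-1]
    return verb.startswith(("Describe", "Get", "List"))


def broad_grants(policy: dict) -> list:
    """Return human-readable reasons an Allow statement grants more than a lab app needs.

    Flags a full wildcard action, a service-wide wildcard such as "iam:*", and any
    non-read-only action that is allowed on Resource "*".
    """
    reasons = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        for action in actions:
            if action == "*":
                reasons.append(f"statement {i}: Action '*' (full admin)")
            elif action.endswith(":*"):
                reasons.append(f"statement {i}: service-wide wildcard '{action}'")
            elif "*" in resources and not _read_only(action):
                reasons.append(f"statement {i}: '{action}' on Resource '*'")
    return reasons


@dataclass
class Instance:
    """Minimal view of a lab host as an auditor would collect it (constructed)."""
    name: str
    public_ip: Optional[str]                          # None when the host has no public address
    open_ports: set = field(default_factory=set)      # ports reachable from 0.0.0.0/0
    role_policies: list = field(default_factory=list)  # policies on the attached instance role


def assess(inst: Instance) -> dict:
    """Classify a host by the two conditions the research pairs: exposure and identity."""
    exposed = inst.public_ip is not None and bool(inst.open_ports)
    reasons = [r for p in inst.role_policies for r in broad_grants(p)]
    if exposed and reasons:
        verdict = "exposed foothold with privileged identity"
    elif exposed and inst.role_policies:
        verdict = "exposed, scoped identity"
    elif exposed:
        verdict = "exposed, no cloud identity"
    else:
        verdict = "not internet-exposed"
    return {"name": inst.name, "exposed": exposed, "broad_grants": reasons, "verdict": verdict}


# Constructed inventory: documentation-range addresses, hypothetical host names.
INVENTORY = [
    Instance("lab-web-1", "203.0.113.10", {80}, [PERMISSIVE_POLICY]),
    Instance("lab-web-2", "203.0.113.11", {3000}, [SCOPED_POLICY]),
    Instance("lab-web-3", None, {80}, [PERMISSIVE_POLICY]),
]

if __name__ == "__main__":
    for inst in INVENTORY:
        print(json.dumps(assess(inst)))
```

Only the first host matches the pattern in the text: it is reachable from the internet and its role is effectively an account administrator, so compromising the web application yields the whole account. The second host is just as exposed but its identity is scoped to one bucket prefix; the third has the bad policy but no public address, so it is a misconfiguration rather than a foothold. The check deliberately treats Describe/Get/List on a wildcard resource as acceptable, since many legitimate read-only permissions require it.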
Read at The Hacker News