need to read this one
Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms: https://lnkd.in/eQQgteXy by Nate Nelson
Heads up: A severe memory corruption vulnerability inside the Fluent Bit cloud logging utility, and the app is used across major cloud platforms. https://lnkd.in/eQQgteXy #FluentBit
Global Account Director - Managed Network & Communications Services - Cybersecurity - MSP Services - IoT Solutions - Managed Cloud Services
@DarkReading Heads up: A severe memory corruption #vulnerability inside the Fluent Bit cloud logging utility, and the app is used across major cloud platforms. https://lnkd.in/eQTQfn4T #FluentBit
This is one to update and/or secure ASAP. Fluent Bit, a cloud monitoring application, is "one of the more popular pieces of software out there, with more than 3 billion downloads...and a new 10 million or so deployments with each passing day". Left unpatched by users, this issue in the Fluent Bit API, which could allow for cross-tenant data leakage and more, has the potential to be a real problem for every cloud. https://lnkd.in/gjb3MtcR
Business Development Consultant @ Technology Solutions Partners llc | MS/MBA | Cybersecurity | Cloud Computing | 200+ Providers Ready to Meet Your Needs |
#securityvulnerability Researchers have uncovered a critical memory corruption vulnerability in #FluentBit, aka the Linguistic Lumberjack, a widely-used #cloud #logging utility. The vulnerability resides in the embedded #HTTP server, posing significant risks across major cloud platforms. This open-source utility, with over 3 billion downloads in 2022, is utilized by leading organizations like VMware, Cisco, Adobe, Walmart, LinkedIn, and major cloud service providers such as #AWS, #Microsoft, and #Google Cloud.
💥Do your best, leave the rest💥 Mom | Wife | IT Leader | CloudSec | CCSK | AppSec | Sec+ | Co-Founder | Google Women TechMaker Ambassador | Speaker | Mentor | Business Transformation | IEEE-SM | Board Member
Researchers have discovered a severe memory corruption vulnerability inside of a cloud logging utility used across major cloud platforms. The service, Fluent Bit, is an open source tool for collecting, processing, and forwarding logs and other types of application data. It's one of the more popular pieces of software out there, with more than 3 billion downloads as of 2022, and a new 10 million or so deployments with each passing day. It's used by major organizations such as VMware, Cisco, Adobe, Walmart, and LinkedIn, and nearly every major cloud service provider, including AWS, Microsoft, and Google Cloud. The issue with Fluent Bit, dubbed "Linguistic Lumberjack" in a new report from Tenable, lies in how the service's embedded HTTP server parses trace requests. Manipulated in one way or another, it can cause denial of service (DoS), data leakage, or remote code execution (RCE) in a cloud environment. #kavibcloudsecurity2024 https://lnkd.in/ewtenUVU
Researchers discovered a critical vulnerability in the widely used open-source logging utility Fluent Bit that is deployed across major cloud platforms like AWS, Azure, and Google Cloud, allowing attackers to cause denial of service, remote code execution, or data leakage by manipulating requests to an endpoint; the vulnerability was found to leak cross-tenant data and crash Fluent Bit instances when exploited, impacting versions from 2.0.7 through 3.0.3; while maintainers have since patched the issue, organizations using Fluent Bit are urged to immediately update or restrict access to its monitoring API to mitigate risks posed by the flaw.
TUNNEL VISION: Google Cloud comes packaged with a default virtual private cloud called Compute Engine, which, while limiting most inbound connections, does not limit any connections within an organization's internal subnetwork. So, if an attacker can breach and execute code in the default VPC, they have a path to access Dataproc clusters because those two interfaces are left open by default. "The attacker can now tunnel through the compromised machine to access both Web interfaces," the researchers explained. "They can use the YARN endpoint to create applications, submit jobs and perform Cloud Storage operations." Or worse, they can use the HDFS endpoint to browse through the storage file system and obtain full access to sensitive data.
The great thing about public cloud is the ease of use. The really bad thing about public cloud is ease of use. https://lnkd.in/gaWz4i5M
Nah, this isn't scary. Cloud is safe and secure if set up properly.
Critical Bug in Fluent Bit, a popular (10M deploy per day) open source. The bug may allow DoS, RCE, and Data Leaks in All Major Cloud Platforms. The bug exists in Fluent Bit versions 2.0.7 through 3.0.3. It's being tracked under CVE-2024-4323, and it has a "critical" CVSS score. Fixed version 3.0.4 is available. How do you manage your open source associated risks? #opensource #fossaware #riskmanagment