Tenable Research to Reveal a Critical Google Cloud Platform Vulnerability at Black Hat USA 2024

Tenable Research to Reveal a Critical Google Cloud Platform Vulnerability at Black Hat USA 2024


Tenable®, the Exposure Management company, today announced Liv Matan, senior cloud security researcher for Tenable, will give presentations at Black Hat USA 2024DEF CON 32 Cloud Village and BSides Las Vegas 2024, taking place from August 6 – 11, 2024 in Las Vegas, Nevada.

 

At Black Hat USA, Matan will give an in-depth presentation on the supply chain exposures that can arise when cloud services are stacked on top of each other. During the session titled, “The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more),” he will disclose a new critical remote code execution (RCE) vulnerability – dubbed “CloudImposer” – which Tenable Research found in Google Cloud Platform (GCP). 

 

At BSides Las Vegas, Matan will give a presentation on domain management, the dangers of shared parent domains and FlowFixation, a previously disclosed vulnerability found in Amazon Web Services (AWS) by Tenable Research. In addition, Matan will give a presentation on the weaknesses introduced by cloud cross-service dependency and the stackability of cloud services, including details on a previously disclosed vulnerability found by Tenable Research in GCP, dubbed ConfusedFunction

 

Details for each speaking engagement are as follows:

 

BSides Las Vegas

  • Session Title: My Terrible Roommates: Discovering the FlowFixation Vulnerability & the Risks of Sharing a Cloud Domain
  • Date and Time: August 6, 2024 at 3:00 – 3:50 pm PT
  • Location: Tuscany Suites & Casino, Breaking Ground Room

 

Black Hat USA 

  • Session Title: The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more)
  • Date and Time: August 7, 2024 at 1:30 – 2:10 pm PT
  • Location: Mandalay Bay Convention Center, South Pacific F, Level 0

 

DEF CON Cloud Village

  • Session Title: One Click, Six Services: Abusing The Dangerous Multi-service Orchestration Pattern
  • Date and Time: August 10, 2024 at 11:45 – 12:10 pm PT
  • Location: Las Vegas Convention Center West, W2 Hall

 

More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security

 

About Tenable

Tenable® is the Exposure Management company. Approximately 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 65 percent of the Fortune 500, approximately 50 percent of the Global 2000, and large government agencies. Learn more at tenable.com

 

###

Media Contact:

Tenable

[email protected]



Source link
lol

Tenable®, the Exposure Management company, today announced Liv Matan, senior cloud security researcher for Tenable, will give presentations at Black Hat USA 2024, DEF CON 32 Cloud Village and BSides Las Vegas 2024, taking place from August 6 – 11, 2024 in Las Vegas, Nevada.   At Black Hat USA, Matan will give an in-depth presentation on the…

Leave a Reply

Your email address will not be published. Required fields are marked *