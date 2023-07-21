



Researchers have discovered a privilege escalation vulnerability in Google Cloud Build. The flaw could allow an attacker to tamper with an application's container image and so infect everyone who deploys it.

Researchers at Orca Security have discovered a design flaw in the Google Cloud Build service. An attacker could escalate privileges and gain unauthorized access to image and package repositories in Google's Artifact Registry.

The researchers dubbed the vulnerability “Bad.Build,” and said it could have widespread impact comparable to supply chain attacks such as those caused by exploiting the 3CX, MOVEit, and SolarWinds flaws.

The vulnerability was fixed in June, and according to Google no further action is required from users. The researchers argue, however, that Google's fix only closes the specific privilege escalation (PE) vector they found and leaves organizations exposed to the broader supply chain risk.

Google Cloud Build users are nevertheless advised to take action, because the researchers go on to describe how the Bad.Build design flaw can be exploited. We explain what to do below (under Mitigation).

First, let’s look at the problem.

In traditional software development, programmers write an application in one computing environment and then hit bugs and errors when it is deployed to another. To avoid this, developers bundle the application together with all the configuration files, libraries, and dependencies it needs into containers hosted in the cloud. This method is called containerization.

Google Cloud Build is a managed continuous integration and delivery (CI/CD) service from Google Cloud that makes it easy to build container images in the cloud. Cloud Build also provides pre-built builder images that you can reference in your Cloud Build configuration files to run your build steps.

Artifact Registry stores the packages and images you use and keeps track of their status over time. It gives insight into, and control over, the packages, images, and other dependencies used in the software development and delivery process.

The flaw the researchers found lets an attacker impersonate the default Cloud Build service account. With that identity, the attacker could manipulate images in Google's Artifact Registry and inject malicious code. If those images are intended for the supplying organization's customers, the risk spreads from the supplier's environment into the customers' environments: a supply chain attack.

After being notified of the issue, Google revoked the logging.privateLogEntries.list IAM permission from the Cloud Build service account, citing the security principle of least privilege. When you enable the Cloud Build API for a project, Cloud Build automatically creates a default service account that runs builds on your behalf. That service account was previously granted permissions that let builds list private log entries by default. The revoked permission, however, has nothing to do with Artifact Registry.

As a result, an attacker could still use the service account's artifactregistry permissions to download and exfiltrate images used within Google Kubernetes Engine (GKE), inject malicious code into an image, and push it back to Artifact Registry, from where it would be deployed to GKE again. Once the malicious image is running, the attacker can execute code as root inside the Docker container.

Mitigation

If the researchers' findings reveal anything, it's that organizations should pay close attention to the behavior of the default Google Cloud Build service account. Some important points to keep in mind:

Principle of least privilege. Limit permissions to what each build actually needs, and keep track of the permissions that have been granted.

Implement cloud detection and response. If something goes wrong, you want to know about it as soon as possible.

Prioritize risk, but don't lose sight of the fact that two or more seemingly harmless weaknesses can combine into a serious attack.
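The audit script below is an added example written for this page; it is not code from Orca Security, Google, or Malwarebytes. It reads a project IAM policy in the JSON shape that `gcloud projects get-iam-policy` prints and a role-to-permissions map built from the `includedPermissions` field of `gcloud iam roles describe`, then reports which sensitive permissions the default Cloud Build service account holds and which other principals can create builds. The sample policy and the role contents are constructed for illustration (the real roles differ and change over time). The choice of "sensitive" permissions beyond logging.privateLogEntries.list, and treating cloudbuild.builds.create as the impersonation entry point, are the example's own assumptions, not statements from the article.

```python
"""Audit a Google Cloud project IAM policy for Bad.Build-style exposure:
what the default Cloud Build service account can do, and who can start builds.

Added example; not code from Orca Security, Google, or the original article.
Input shapes mirror `gcloud projects get-iam-policy PROJECT --format=json` and
the `includedPermissions` list from `gcloud iam roles describe ROLE --format=json`.
All data below is constructed for illustration.
"""
import json
import re
import sys

# The default Cloud Build service account is PROJECT_NUMBER@cloudbuild.gserviceaccount.com.
DEFAULT_BUILD_SA = re.compile(r"^serviceAccount:\d+@cloudbuild\.gserviceaccount\.com$")

# Permissions a generic build runner should not hold by default.
# logging.privateLogEntries.list is the one the article says Google revoked; the
# Artifact Registry entries are this example's assumption about what lets a build
# rewrite registry contents.
SENSITIVE_PERMISSIONS = {
    "logging.privateLogEntries.list",
    "artifactregistry.repositories.uploadArtifacts",
    "artifactregistry.repositories.deleteArtifacts",
}

# Assumption: whoever can create a build runs arbitrary build steps as the build
# service account, so build creators are the impersonation entry point.
BUILD_CREATE = "cloudbuild.builds.create"

# Constructed sample policy (same shape as `gcloud projects get-iam-policy`).
SAMPLE_POLICY = json.loads("""
{
  "version": 1,
  "etag": "BwYconstructed=",
  "bindings": [
    {"role": "roles/cloudbuild.builds.builder",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]},
    {"role": "roles/cloudbuild.builds.editor",
     "members": ["user:dev@example.com", "group:contractors@example.com"]},
    {"role": "roles/viewer", "members": ["user:auditor@example.com"]},
    {"role": "roles/artifactregistry.writer",
     "members": ["serviceAccount:123456789012@cloudbuild.gserviceaccount.com"]}
  ]
}
""")

# Constructed role -> permissions map. Real role contents differ and change over
# time; always pull them from `gcloud iam roles describe`.
SAMPLE_ROLE_PERMS = {
    "roles/cloudbuild.builds.builder": [
        "cloudbuild.builds.create", "cloudbuild.builds.get",
        "logging.logEntries.create", "logging.privateLogEntries.list",
        "artifactregistry.repositories.downloadArtifacts",
        "artifactregistry.repositories.uploadArtifacts",
    ],
    "roles/cloudbuild.builds.editor": [
        "cloudbuild.builds.create", "cloudbuild.builds.get", "cloudbuild.builds.update",
    ],
    "roles/viewer": ["resourcemanager.projects.get"],
    "roles/artifactregistry.writer": [
        "artifactregistry.repositories.downloadArtifacts",
        "artifactregistry.repositories.uploadArtifacts",
    ],
}


def audit(policy, role_perms):
    """Return findings as plain data so they can be asserted on or exported.

    sa_sensitive:   default Cloud Build SA -> sorted sensitive permissions it holds
    build_creators: sorted principals (other than the build SA) able to create builds
    unknown_roles:  roles with no permission data; the audit cannot vouch for these
    """
    sa_roles, build_creators, unknown_roles = {}, set(), set()
    for binding in policy.get("bindings", []):  # conditional bindings are treated as granted
        role = binding["role"]
        if role not in role_perms:
            unknown_roles.add(role)
        perms = set(role_perms.get(role, []))
        for member in binding.get("members", []):
            if DEFAULT_BUILD_SA.match(member):
                sa_roles.setdefault(member, set()).add(role)
            elif BUILD_CREATE in perms:
                build_creators.add(member)
    sa_sensitive = {}
    for member, roles in sa_roles.items():
        held = set()
        for role in roles:
            held.update(role_perms.get(role, []))
        sa_sensitive[member] = sorted(held & SENSITIVE_PERMISSIONS)
    return {"sa_sensitive": sa_sensitive,
            "build_creators": sorted(build_creators),
            "unknown_roles": sorted(unknown_roles)}


def main(argv):
    # Usage: script.py policy.json role_perms.json; with no arguments it audits the sample.
    if len(argv) == 3:
        with open(argv[1]) as f:
            policy = json.load(f)
        with open(argv[2]) as f:
            role_perms = json.load(f)
    else:
        policy, role_perms = SAMPLE_POLICY, SAMPLE_ROLE_PERMS
    print(json.dumps(audit(policy, role_perms), indent=2))


if __name__ == "__main__":
    main(sys.argv)
```

To run it against a real project, export the policy with `gcloud projects get-iam-policy PROJECT --format=json > policy.json` and build the role map from `gcloud iam roles describe ROLE --format=json` for every role that appears in it. Any role the map does not cover is listed under unknown_roles rather than silently passing, which matters for custom roles. Non-empty sa_sensitive means the build account can still rewrite registry contents even after the logging permission was revoked; a long build_creators list means that many identities can run code as that account, which is the first thing to cut down.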

Google disputed Orca Security's assessment, explaining that the access given to service accounts was "the nature of an automated system that runs independently," but both sides agree that it is important to review permissions and adjust them to your threat model.


Source: https://www.malwarebytes.com/blog/news/2023/07/google-fixes-badbuild-cloud-build-flaw-researchers-say-its-not-enough
