Alerts This Week
Warning Icon 1 1,375
Alerts This Week
Warning Icon 1 1,375

Exploit Risks of Misconfigured Azure Services in EmojiDeploy Attack Chain

32.Lock Code Circular Esm H446

Multiple misconfigurations in a service that underpins many Azure features could have allowed an attacker to remotely compromise a cloud user's system.

An attack chain exploiting misconfigurations and weak security controls in a common Azure service is highlighting how lack of visibility impacts the security of cloud platforms. 

The "EmojiDeploy" attack chain could allow a threat actor to run arbitrary code with the permission of the Web server, steal or delete sensitive data, and compromise a targeted application, Ermetic stated in its Jan. 19 advisory. An attacker could use a trio of security issues affecting the common Source Code Management (SCM) service — a cloud service used by many Azure applications without an explicit indication to the user, according to Ermetic.

The issues demonstrate that the security of cloud platforms are undermined by the lack of visibility into what those platforms do under the hood, says Igal Gofman, head of research for Ermetic.

The link for this article located at DarkReading is no longer available.

Your message here
Your message here