EPISODE · Jan 26, 2023 · 7 MIN
Vulnerabilities discovered in AWS, GCP and Azure
from Cloud Security News · host Cloud Security Podcast Team
Cloud Security News this week 26 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News Nick Frichette has reported a vulnerability that impacts Cloud Trail event logging service. Cloudtrail is what users use in AWS to monitor their API activity so that they can detect any suspicious activity and understand the impacts after a security event. The vulnerability discovered that there is a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. . You can read more about this vulnerability here Duo Sreeram KL and Sivanesh Ashok found a SSRF Vulnerability in GCP, which when exploited could make users click onto a malicious URL allowing attacks to gain control of an authorisation token and the user’s GCP projects. CircleCI delivered and have released an incident report which details what happened, how to know if you were impacted, what may help your teams, what they learnt and what they will do next. Corsha, which is API Identity and Access Management software company has released a report - It’s Time To Get Honest About Secrets Management Corsha State of API Secrets Management Report, 2023. Orca security have reported that they found instances where different services were vulnerable to a (you guessed it) Server Side Request Forgery (SSRF) attack. They shared that 2 of the vulnerabilities did not require authentication, meaning that they could be exploited without even having an Azure account.The vulnerabilities were found in Azure Twin Explorer, Azure Functions, Azure API Management Service and Azure Machine Learning Service. You can read their blog here to find out more Techcrunch has reported this week that Dell has acquired an israeli cloud orchestration startup Cloudify for allegedly $100M. Cloudify helps with the management of containers and workloads across hybrid environments. Dell has not publically mad this announcement but Techcrunch has shared that they notice a form they have lodged to indicate this.
What this episode covers
Cloud Security News this week 26 Jan 2023 To read more about this week's stories head to https://cloudsecuritypodcast.tv/cloud-security-news/ Podcast Twitter - Cloud Security Podcast (@CloudSecPod) Instagram - Cloud Security News Nick Frichette has reported a vulnerability that impacts Cloud Trail event logging service. Cloudtrail is what users use in AWS to monitor their API activity so that they can detect any suspicious activity and understand the impacts after a security event. The vulnerability discovered that there is a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. . You can read more about this vulnerability here Duo Sreeram KL and Sivanesh Ashok found a SSRF Vulnerability in GCP, which when exploited could make users click onto a malicious URL allowing attacks to gain control of an authorisation token and the user’s GCP projects. CircleCI delivered and have released an incident report which details what happened, how to know if you were impacted, what may help your teams, what they learnt and what they will do next. Corsha, which is API Identity and Access Management software company has released a report - It’s Time To Get Honest About Secrets Management Corsha State of API Secrets Management Report, 2023. Orca security have reported that they found instances where different services were vulnerable to a (you guessed it) Server Side Request Forgery (SSRF) attack. They shared that 2 of the vulnerabilities did not require authentication, meaning that they could be exploited without even having an Azure account.The vulnerabilities were found in Azure Twin Explorer, Azure Functions, Azure API Management Service and Azure Machine Learning Service. You can read their blog here to find out more Techcrunch has reported this week that Dell has acquired an israeli cloud orchestration startup Cloudify for allegedly $100M. Cloudify helps with the management of containers and workloads across hybrid environments. Dell has not publically mad this announcement but Techcrunch has shared that they notice a form they have lodged to indicate this.
NOW PLAYING
Vulnerabilities discovered in AWS, GCP and Azure
No transcript for this episode yet
Similar Episodes
Apr 21, 2026 ·13m
Apr 19, 2026 ·16m
Apr 17, 2026 ·13m
Apr 13, 2026 ·11m
Apr 11, 2026 ·16m