Blog
Share This Post
[ad_1]
Threat actors could exploit a vulnerability in Google Cloud‘s Document AI service to facilitate data exfiltration, reports SiliconAngle.
Broad permissions obtained by the service as a result of its document processing in Cloud Storage enable access to Cloud Storage buckets within the project and could be leveraged by threat actors to infiltrate buckets that should have been inaccessible, according to a report from Vectra AI.
Attackers with adequate permissions could also establish or alter processors even in organizations not using Document AI due to access being provided by the service’s Core Service Agent, said Vectra AI researchers.
With Google still determining how to classify the issue months after being reported by Vectra AI, organizations using Google Cloud have been urged by the threat detection and response firm to deactivate Document AI through Organizational Policy Constraints, as well as adopt more stringent identity and access management policies.
[ad_2]
Source link
Subscribe To Our Newsletter
Get updates and learn from the best
More To Explore
US Charges Five People Over North Korean IT Worker Scheme
[ad_1] The US has announced charges against five individuals involved in a fake IT workers scheme to funnel funds to
In Other News: VPN Supply Chain Attack, PayPal $2M Settlement, RAT Builder Hacks Script Kiddies
[ad_1] Noteworthy stories that might have slipped under the radar: Korean VPN supply chain attack, PayPal settles with New York
