- "기밀 VM의 빈틈을 메운다" 마이크로소프트의 오픈소스 파라바이저 '오픈HCL'란?
- The best early Black Friday AirPods deals: Shop early deals
- The 19 best Black Friday headphone deals 2024: Early sales live now
- I tested the iPad Mini 7 for a week, and its the ultraportable tablet to beat at $100 off
- The best Black Friday deals 2024: Early sales live now
Tenable Research to Reveal a Critical Google Cloud Platform Vulnerability at Black Hat USA 2024
Tenable®, the Exposure Management company, today announced Liv Matan, senior cloud security researcher for Tenable, will give presentations at Black Hat USA 2024, DEF CON 32 Cloud Village and BSides Las Vegas 2024, taking place from August 6 – 11, 2024 in Las Vegas, Nevada.
At Black Hat USA, Matan will give an in-depth presentation on the supply chain exposures that can arise when cloud services are stacked on top of each other. During the session titled, “The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more),” he will disclose a new critical remote code execution (RCE) vulnerability – dubbed “CloudImposer” – which Tenable Research found in Google Cloud Platform (GCP).
At BSides Las Vegas, Matan will give a presentation on domain management, the dangers of shared parent domains and FlowFixation, a previously disclosed vulnerability found in Amazon Web Services (AWS) by Tenable Research. In addition, Matan will give a presentation on the weaknesses introduced by cloud cross-service dependency and the stackability of cloud services, including details on a previously disclosed vulnerability found by Tenable Research in GCP, dubbed ConfusedFunction.
Details for each speaking engagement are as follows:
BSides Las Vegas
- Session Title: My Terrible Roommates: Discovering the FlowFixation Vulnerability & the Risks of Sharing a Cloud Domain
- Date and Time: August 6, 2024 at 3:00 – 3:50 pm PT
- Location: Tuscany Suites & Casino, Breaking Ground Room
Black Hat USA
- Session Title: The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more)
- Date and Time: August 7, 2024 at 1:30 – 2:10 pm PT
- Location: Mandalay Bay Convention Center, South Pacific F, Level 0
DEF CON Cloud Village
- Session Title: One Click, Six Services: Abusing The Dangerous Multi-service Orchestration Pattern
- Date and Time: August 10, 2024 at 11:45 – 12:10 pm PT
- Location: Las Vegas Convention Center West, W2 Hall
More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security.
About Tenable
Tenable® is the Exposure Management company. Approximately 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 65 percent of the Fortune 500, approximately 50 percent of the Global 2000, and large government agencies. Learn more at tenable.com.
###
Media Contact:
Tenable