- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Tenable Research to Reveal a Critical Google Cloud Platform Vulnerability at Black Hat USA 2024
Tenable®, the Exposure Management company, today announced Liv Matan, senior cloud security researcher for Tenable, will give presentations at Black Hat USA 2024, DEF CON 32 Cloud Village and BSides Las Vegas 2024, taking place from August 6 – 11, 2024 in Las Vegas, Nevada.
At Black Hat USA, Matan will give an in-depth presentation on the supply chain exposures that can arise when cloud services are stacked on top of each other. During the session titled, “The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more),” he will disclose a new critical remote code execution (RCE) vulnerability – dubbed “CloudImposer” – which Tenable Research found in Google Cloud Platform (GCP).
At BSides Las Vegas, Matan will give a presentation on domain management, the dangers of shared parent domains and FlowFixation, a previously disclosed vulnerability found in Amazon Web Services (AWS) by Tenable Research. In addition, Matan will give a presentation on the weaknesses introduced by cloud cross-service dependency and the stackability of cloud services, including details on a previously disclosed vulnerability found by Tenable Research in GCP, dubbed ConfusedFunction.
Details for each speaking engagement are as follows:
BSides Las Vegas
- Session Title: My Terrible Roommates: Discovering the FlowFixation Vulnerability & the Risks of Sharing a Cloud Domain
- Date and Time: August 6, 2024 at 3:00 – 3:50 pm PT
- Location: Tuscany Suites & Casino, Breaking Ground Room
Black Hat USA
- Session Title: The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more)
- Date and Time: August 7, 2024 at 1:30 – 2:10 pm PT
- Location: Mandalay Bay Convention Center, South Pacific F, Level 0
DEF CON Cloud Village
- Session Title: One Click, Six Services: Abusing The Dangerous Multi-service Orchestration Pattern
- Date and Time: August 10, 2024 at 11:45 – 12:10 pm PT
- Location: Las Vegas Convention Center West, W2 Hall
More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security.
About Tenable
Tenable® is the Exposure Management company. Approximately 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 65 percent of the Fortune 500, approximately 50 percent of the Global 2000, and large government agencies. Learn more at tenable.com.
###
Media Contact:
Tenable