- La colaboración entre Seguridad y FinOps puede generar beneficios ocultos en la nube
- El papel del CIO en 2024: una retrospectiva del año en clave TI
- How control rooms help organizations and security management
- ITDM 2025 전망 | “효율경영 시대의 핵심 동력 ‘데이터 조직’··· 내년도 활약 무대 더 커진다” 쏘카 김상우 본부장
- 세일포인트 기고 | 2025년을 맞이하며… 머신 아이덴티티의 부상이 울리는 경종
Tenable Research to Reveal a Critical Google Cloud Platform Vulnerability at Black Hat USA 2024
Tenable®, the Exposure Management company, today announced Liv Matan, senior cloud security researcher for Tenable, will give presentations at Black Hat USA 2024, DEF CON 32 Cloud Village and BSides Las Vegas 2024, taking place from August 6 – 11, 2024 in Las Vegas, Nevada.
At Black Hat USA, Matan will give an in-depth presentation on the supply chain exposures that can arise when cloud services are stacked on top of each other. During the session titled, “The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more),” he will disclose a new critical remote code execution (RCE) vulnerability – dubbed “CloudImposer” – which Tenable Research found in Google Cloud Platform (GCP).
At BSides Las Vegas, Matan will give a presentation on domain management, the dangers of shared parent domains and FlowFixation, a previously disclosed vulnerability found in Amazon Web Services (AWS) by Tenable Research. In addition, Matan will give a presentation on the weaknesses introduced by cloud cross-service dependency and the stackability of cloud services, including details on a previously disclosed vulnerability found by Tenable Research in GCP, dubbed ConfusedFunction.
Details for each speaking engagement are as follows:
BSides Las Vegas
- Session Title: My Terrible Roommates: Discovering the FlowFixation Vulnerability & the Risks of Sharing a Cloud Domain
- Date and Time: August 6, 2024 at 3:00 – 3:50 pm PT
- Location: Tuscany Suites & Casino, Breaking Ground Room
Black Hat USA
- Session Title: The GCP Jenga Tower: Hacking Millions of Google’s Servers With a Single Package (and more)
- Date and Time: August 7, 2024 at 1:30 – 2:10 pm PT
- Location: Mandalay Bay Convention Center, South Pacific F, Level 0
DEF CON Cloud Village
- Session Title: One Click, Six Services: Abusing The Dangerous Multi-service Orchestration Pattern
- Date and Time: August 10, 2024 at 11:45 – 12:10 pm PT
- Location: Las Vegas Convention Center West, W2 Hall
More information about Tenable Cloud Security is available at: https://www.tenable.com/products/tenable-cloud-security.
About Tenable
Tenable® is the Exposure Management company. Approximately 44,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include approximately 65 percent of the Fortune 500, approximately 50 percent of the Global 2000, and large government agencies. Learn more at tenable.com.
###
Media Contact:
Tenable