Cloud-Security

Ontinue security researchers have discovered a “cross-tenant blind spot” in Microsoft Teams that allows attackers to bypass Microsoft Defender for Office 365 protections using the guest access feature. The problem is that when a user operates as a guest in an external tenant, their security protections are determined entirely by the hosting environment, and not by the security policies of their home organization. This fundamental architectural gap opens the door to attack scenarios where users become unprotected guests in a malicious environment controlled by the attacker. ...

Security researchers at Oligo Security have discovered five vulnerabilities in Fluent Bit, a lightweight, open-source telemetry agent, that could be chained together to compromise and take control of cloud infrastructures. Fluent Bit is widely used in enterprise environments, and successful exploitation of these flaws could allow attackers to disrupt cloud services, manipulate data, and delve into Kubernetes and cloud infrastructures. Details of Vulnerabilities The identified security flaws allow attackers to bypass authentication, perform path traversal, achieve remote code execution (RCE), cause denial of service (DoS) conditions, and manipulate tags. The five vulnerabilities are detailed below: ...