Security News > 2020 > September > Google Cloud Buckets Exposed in Rampant Misconfiguration
Six percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents.
In a survey of 2,064 Google Cloud buckets by Comparitech, 131 of them were found to be vulnerable to unauthorized access by users who could list, download and/or upload files.
Google Cloud database names must be between three and 63 characters, and contain only lowercase letters, numbers, dashes, underscores and dots, with no spaces; and, names must start and end with a number or letter.
While the analysis covered Google Cloud buckets only, the misconfiguration issue extends to other platforms; Amazon's S3 buckets for instance are the most popular means for apps, websites and online services to store data in the cloud, and are also often found to be exposed.
"Given increased reliance on cloud hosted systems and decentralized systems, it is incredibly important that IT and security teams educate themselves on the various access control settings for the cloud services they use," Joe Moles, vice president of customer security operations at Red Canary, said via email.
News URL
https://threatpost.com/google-cloud-buckets-exposed-misconfiguration/159429/
Related news
- Google Cloud introduces quantum-safe digital signatures in KMS (source)
- Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats (source)
- Google Announces Quantum-Safe Digital Signatures in Cloud KMS, Takes “Post-Quantum Computing Risks Seriously” (source)
- Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security (source)
- Google to purchase Wiz for $32 billion in cloud security play (source)