‘CloudImposer’ Flaw in Google Cloud Affected Millions of Servers

September 17, 2024 at 11:33AM
Google has patched a vulnerability in its Google Cloud Platform (GCP) that could have led to supply chain attacks on customer cloud servers. Researchers discovered the flaw, dubbed “CloudImposer,” in GCP’s Cloud Composer service, posing a dependency confusion risk. Google addressed the issue by fixing the vulnerable script and updating …

Dependency Confusion Could Have Led to RCE in Google Cloud Platform

September 17, 2024 at 09:15AM
Tenable revealed details of the CloudImposer attack method, which could have led to remote code execution on Google Cloud Platform (GCP). The attack exploited a Python argument to carry out a dependency confusion attack. After reporting the vulnerability, Google promptly patched the RCE bug and updated its documentation to mitigate …

Google Fixes GCP Composer Flaw That Could’ve Led to Remote Code Execution

September 16, 2024 at 09:27AM
A critical security flaw in Google Cloud Platform Composer, now patched, could have allowed remote code execution via a supply chain attack called dependency confusion. This could have led to a large-scale supply chain attack by tricking the package manager into downloading a malicious package. The issue was fixed by …

Apache Cordova App Harness Targeted in Dependency Confusion Attack

April 23, 2024 at 11:28AM
Researchers have found a vulnerability in the archived Apache project Cordova App Harness, leading to dependency confusion attacks. Over 49% of organizations are vulnerable. Despite npm’s efforts to fix the issue, the Cordova App Harness project remains at risk. The discovery emphasizes the importance of addressing vulnerabilities in third-party projects …