A critical security vulnerability has been identified in the Oracle Cloud infrastructure,called AttachMe, that threat actors can exploit to access the virtual disks of Oracle customers.

The vulnerability, AttachMe, compromises the security of cloud isolation by allowing threat actors to access other users’ OCI storage volumes without permission, capture and modify sensitive data stored on the volume, and execute code on affected systems. Successfully exploiting the vulnerability requires threat actors to capture the Oracle Cloud Identifier provided to an Oracle Cloud Infrastructure user and insert it into their Oracle Cloud virtual machine. Oracle Cloud infrastructure does not have a security mechanism that checks who owns this identifier. Therefore, threat actors can easily add the identifier to their virtual machines and gain access to the storage units of the Cloud customer that owns the identifier.

there is a critical vulnerability in oracle cloud system called attachme — Figure 1: Attack process

Upon its disclosure, the vulnerability was fixed by Oracle within a few hours. This critical vulnerability highlights the vital importance of overall monitoring security vulnerabilities in cloud environments.

AffectMe: The Critical Vulnerability in Oracle Cloud Infrastructure

What will the IT professions of the future be?

ZeroBot: New Botnet Malware Using IoT Security Vulnerabilities

Critical RCE Alarm in FreeBSD Ping

Security News – Week 49

Critical XSS Alert Affecting Zyxel’s Specific Firewall Models

LastPass Suffers A Data Breach

Related Posts

ZeroBot: New Botnet Malware Using IoT Security Vulnerabilities

Critical RCE Alarm in FreeBSD Ping

Critical XSS Alert Affecting Zyxel’s Specific Firewall Models

LastPass Suffers A Data Breach

We know what hackers know about you

Solutions

Use Case

Partners

Company