Misconfigured airflows leak thousands of credentials from popular services – Security Magazine

While researching a misconfiguration in the popular workflow platform Apache Airflow, Intezer discovered several unprotected instances. These unsecured instances expose companies’ sensitive information across the media, finance, manufacturing, information technology (IT), biotech, e-commerce, health, energy, cybersecurity, and transportation industries. In the vulnerable Airflows, Intezer observed exposed credentials for popular platforms and services such as Slack, PayPal, AWS and more.

During the research process, Intezer also found:

Researchers say that malicious code execution and malware can also be launched on the exposed production environments and even on Apache Airflow itself.

Intezer has notified the identified entities to fix their misconfigured Airflow instances as part of the responsible disclosure policy.

Jake Williams, Co-Founder and CTO at BreachQuest, an Augusta, Georgia-based leader in incident response, says, “This leak is extremely significant. Unlike more traditional credential leaks that impact individual user accounts, these credential leaks impact entire application framework instances. Threat actors might use leaked credentials to compromise entire databases containing sensitive user content. In some cases, threat actors might be able to use these credentials to compromise entire application containers and/or run their own containers using a victim’s billing information. In short, while user information wasn’t directly compromised through these leaks, they open the door to compromises of user data in massive quantities.”

Misconfigured cloud services and apps are a massive security risk to any organization, explains Hank Schless, Senior Manager, Security Solutions at Lookout, a San Francisco, Calif.-based endpoint-to-cloud security company. 

“These days, a simple misconfiguration could be the backstage pass that an attacker needs to access the entire infrastructure. Attackers are constantly crawling the internet to find misconfigured or unsecured services that they can easily access. One misconfigured service could give an attacker all they need to move laterally throughout the entire infrastructure – especially in large complex infrastructures where the attacker can move quietly without setting off any alarm bells,” Schless says. “This particular incident is concerning because of the number and variety of cloud services that Airflow supports. As one of the most popular open-source solutions in the world, the effects of the incident are far-reaching.”

“Managing the security posture of your cloud and SaaS apps should be a key aspect of any organization’s overall security strategy. Cloud access security broker (CASB) solutions help solve this issue by keeping an eye on the configurations of any cloud-based SaaS or IaaS app,” Schless adds. “These solutions also help identify anomalous activity that could be indicative of a compromised account or device through user and entity behavior analytics (UEBA), and data loss prevention (DLP) capabilities to keep your corporate data safe.”