Ep #6 | Overview
In this episode we discuss key cybersecurity threats and cloud innovations. Topics include brute force attacks on construction firms, vulnerabilities exposed by CISA, Google’s GCP flaw fix, and cloud repatriation trends.
Episode highlights
Brute Force Attacks on Construction Firms
- Hackers are targeting construction industry accounting software via brute force attacks to access privileged accounts, particularly exploiting weak or default Microsoft SQL Server passwords.
- These attacks expose sensitive data, allowing hackers to execute commands directly in the system, compromising companies across various sub-industries.
- Huntress recommends immediate action by rotating credentials and securing SQL servers to prevent future breaches.
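To make the brute-force pattern above concrete, here is an added detection sketch (not from the episode, Huntress, or the software vendor) that scans SQL Server error log login lines for a burst of failures against one login and for a success that follows it. It assumes the log has been exported as text and that login auditing records both failed and successful logins; the threshold, window and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the "Login failed/succeeded" lines of a SQL Server error log.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+\s+Logon\s+"
    r"Login (failed|succeeded) for user '([^']*)'.*\[CLIENT: ([^\]]+)\]")
PRIVILEGED = {"sa", "dba"}  # admin logins named in the episode

def analyze(lines, threshold=20, window=timedelta(hours=1)):
    """Return alerts as (kind, login, client, is_privileged) tuples."""
    fails = defaultdict(list)  # login -> [(time, client)] inside the window
    flagged, alerts = set(), []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # e.g. the "Error: 18456" companion line
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        outcome, login, client = m.group(2), m.group(3).lower(), m.group(4)
        recent = [(t, c) for t, c in fails[login] if ts - t <= window]
        if outcome == "failed":
            recent.append((ts, client))
            if len(recent) >= threshold and login not in flagged:
                flagged.add(login)  # alert once per login, not per attempt
                alerts.append(("brute_force", login, client, login in PRIVILEGED))
        elif len(recent) >= threshold and any(c == client for _, c in recent):
            # A guessing client finally logged in: treat as likely compromise.
            alerts.append(("success_after_brute_force", login, client,
                           login in PRIVILEGED))
        fails[login] = recent
    return alerts

def sample_log():
    """Constructed, simplified log lines (private/documentation IPs), not real data."""
    start = datetime(2024, 9, 14, 2, 0, 0)
    def row(i, outcome, user, client):
        ts = (start + timedelta(seconds=i)).strftime("%Y-%m-%d %H:%M:%S.00")
        return f"{ts} Logon       Login {outcome} for user '{user}'. [CLIENT: {client}]"
    rows = [row(0, "failed", "jsmith", "10.0.0.7"),
            row(5, "succeeded", "jsmith", "10.0.0.7"),
            f"{start:%Y-%m-%d %H:%M:%S}.00 Logon       Error: 18456, Severity: 14, State: 8."]
    rows += [row(10 + i, "failed", "sa", "203.0.113.50") for i in range(40)]
    rows.append(row(60, "succeeded", "sa", "203.0.113.50"))
    return rows

if __name__ == "__main__":
    for alert in analyze(sample_log()):
        print(alert)
```

Failures are counted per login rather than per client, so guessing spread across many source addresses still crosses the threshold.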
CISA’s Warning on Five Critical Vulnerabilities
- The Cybersecurity and Infrastructure Security Agency (CISA) warns about five critical vulnerabilities being actively exploited, with Apache HugeGraph-Server and Microsoft SQL Server Reporting Services among the most concerning.
- These vulnerabilities could allow attackers to execute code remotely or gain system-level privileges, risking data security and system integrity.
- CISA urges organizations to mitigate these risks before the October 9, 2024 deadline by applying necessary patches.
Google Cloud Patches Composer Vulnerability
- Google Cloud Platform fixed a vulnerability in its Composer tool, dubbed ‘CloudImposer,’ that posed a significant supply chain attack risk by exploiting internal software dependencies.
- The vulnerability had the potential to affect widespread users by injecting malicious packages into the system, but Google patched it with no evidence of exploitation.
- Google advises customers to use trusted repositories for package installations and follow updated security practices.
Microsoft Azure Introduces New Failover Type for Geo-Redundant Storage
- Microsoft launched a customer-managed planned failover feature for Azure Storage, allowing users to perform seamless failovers without data loss or reconfiguring geo-redundancy.
- This feature enhances disaster recovery testing and partial outage handling by offering greater control over storage accounts.
- Previously, only unplanned failover was available, making this new feature a more flexible and efficient solution for continuity.
Cloud Repatriation: AWS Faces a Shift Back to On-Prem
- AWS reveals that some customers are moving workloads back to on-premise infrastructure, driven by the need for better cost control, security, and data management.
- This trend, known as cloud repatriation, reflects growing interest in hybrid and multicloud solutions as companies seek greater flexibility and ownership of resources.
- Despite the shift, AWS remains confident in its offerings but acknowledges the evolving competition from on-premise infrastructure providers.
Sources
- Construction firms breached in brute force attacks on accounting software – Bleeping Computer (September 14, 2024)
- CISA Warns of Five Vulnerabilities Actively Exploited in the Wild – Cybersecurity News (September 10, 2024)
- Google GCP Flaw Fixed After Composer Vulnerability Found – CRN (September 15, 2024)
- Microsoft’s Customer Managed Planned Failover Type for Azure Storage Available in Public Preview – InfoQ (September 12, 2024)
- AWS says customers are turning back to on-prem – TechRadar (September 9, 2024)
Welcome to the Red9 Podcast, your go-to source for the latest in database news and insights. I’m your host, Kit, and today we’ll cover everything from brute force attacks on construction firms to Google’s GCP vulnerability fix, Azure Storage updates, and trends in cloud repatriation. Let’s get started!
First up, we’re seeing a disturbing trend in the construction industry. Hackers are targeting accounting software used by construction firms, specifically brute-forcing passwords to gain access to highly privileged accounts. According to Huntress, an increasing number of breaches have been detected across companies in sub-industries like plumbing, HVAC, and concrete.
The issue stems from exposed Microsoft SQL Servers, which are used by the accounting software called Foundation. The hackers are exploiting weak or default passwords on admin accounts such as ‘sa’ and ‘dba,’ allowing them to execute commands directly on the operating system. In some cases, these brute-force attacks reached up to 35,000 attempts in just one hour.
Huntress has identified 500 hosts running this accounting software, with 33 exposing their SQL databases to the public. The key takeaway? If you’re an admin using this software, rotate your credentials immediately and ensure your server isn’t unnecessarily exposed. The risk is high, but there are simple steps to protect your data.
Next, the Cybersecurity and Infrastructure Security Agency (CISA) is sounding the alarm on five vulnerabilities that are being actively exploited in the wild. Among the most serious is a vulnerability in Apache HugeGraph-Server that allows remote code execution. There’s also a critical flaw in Microsoft SQL Server Reporting Services, which could give attackers the ability to run code with system-level privileges.
Other notable vulnerabilities include a flaw in Oracle JDeveloper and another in Oracle WebLogic Server, both of which enable remote attackers to execute code on unpatched systems. The deadline for organizations to address these vulnerabilities is fast approaching, with CISA urging everyone to implement mitigations by October 9th. Don’t wait on this one, especially if your systems are running any of these affected platforms.
On the cloud front, Google has patched a critical security flaw within its Google Cloud Platform’s Composer tool, which orchestrates software pipelines. Dubbed ‘CloudImposer,’ this vulnerability could have been used to launch a massive supply chain attack by hijacking Google’s internal software dependencies.
Tenable Research discovered this flaw and worked with Google to patch it. While there’s no evidence that the vulnerability was exploited in the wild, it’s a stark reminder of how vulnerable supply chains can be when widely used services are compromised. For Google Cloud users, make sure you’re installing Python packages from trusted repositories, as recommended in Google’s updated guidance.
In other cloud news, Microsoft has introduced a new feature in public preview for Azure Storage called customer managed planned failover. This allows customers to perform failovers of their geo-redundant storage without losing data or incurring additional costs.
This new feature is designed for disaster recovery testing and partial outages, giving users more control over their storage accounts. Previously, Azure only offered an unplanned failover option, which would require reconfiguring geo-redundancy afterward. Now, with planned failover, the transition between primary and secondary regions is smoother, and businesses can ensure continuity without any significant disruptions.
Finally, an interesting trend is emerging in the cloud market: cloud repatriation. According to AWS, some customers are moving workloads back to on-premise infrastructure. This shift is being driven by the need for more control over costs, security, and data management.
AWS, which holds around one-third of the global cloud market, is facing competition from on-prem and hybrid cloud setups. While AWS isn’t too worried about this trend, it’s clear that companies are increasingly exploring hybrid and multicloud solutions. In a time when flexibility and control are key, this could signal a broader shift in how enterprises manage their IT infrastructure moving forward.
That wraps up today’s episode of the Red9 Podcast. Thanks for listening! And don’t forget to subscribe and share! Stay tuned for more updates and insights in our next episode!