UpGuard discovered an Elasticsearch database containing over three terabytes of data from APIsec.ai, a security firm utilized by 80% of the Fortune 100. The database included application programming interface (API) scanning results, configuration data for private scanning instances, and other user-specific information collected during scanning. The data leak posed a potential risk to companies, providing extensive information about their susceptibility to cyberattacks. Once notified, APIsec secured the database that same day.
Google Cloud Composer Vulnerability Let Attackers Elevate Their Privileges
A critical vulnerability in Google Cloud Platform, named “ConfusedComposer,” allowed attackers to escalate privileges to sensitive resources via Google Cloud Composer, a workflow orchestration service.
