Tenable, the cloud exposure management company, has uncovered a privilege escalation vulnerability in Google Cloud Composer (GCP) named ConfusedComposer. The vulnerability lets attackers with edit permissions in Cloud Composer to escalate privileges and gain access to a high-level service account with broad permissions across GCP.
Showing posts with label vulnerability. Show all posts
Showing posts with label vulnerability. Show all posts
02 May 2025
19 June 2024
Newsletter: Kaspersky finds 24 vulnerabilities in Chinese biometric access systems
[THIS IS A PRESS RELEASE]
Kaspersky has identified numerous flaws in the hybrid biometric terminal produced by international manufacturer ZKTeco. By adding random user data to the database or using a fake QR code, a nefarious actor can easily bypass the verification process and gain unauthorized access. Attackers can also steal and leak biometric data, remotely manipulate devices, and deploy backdoors. High-security facilities worldwide are at risk if they use this vulnerable device.
The flaws were discovered in the course of Kaspersky Security Assessment experts’ research into the software and hardware of ZKTeco’s white-label devices. All findings were proactively shared with the manufacturer prior to public disclosure.
Subscribe to:
Posts (Atom)