Skip to content
SPECIAL

THREATS TO CRITICAL INFRASTRUCTURE IN IRAN CONFLICT

READ MORE

‘Damn vulnerable’ training apps leave vendors’ clouds exposed

(AVNSURESH / Pixabay)

By Nate Nelson

Security vendors have been leaving deliberately insecure training applications on the public Internet, and attackers have been taking advantage of them to breach their cloud environments.

What’s the worst kind of asset an organization can leave open on the Web? A database? A management interface? An edge device with a known vulnerability? Organizations are constantly breached through means like these. 

In a newly published report, Pentera researcher Noam Yaffe highlights another lesser known but potentially more dangerous backdoor into organizations; a backdoor that, ironically, is more common among cybersecurity vendors than among anyone else: cybersecurity training applications. Insecure by design, hackers are already leveraging these all too often over-permissioned and exposed programs to access IT systems at major security vendors like F5, Cloudflare, and Palo Alto Networks.

Read more at Dark Reading

Click to listen highlighted text!