Identity in the Cloud: When Local Vulnerabilities go Remote

24 Sep 2015

Organisations are increasingly moving to outsource risk to the cloud. We were recently tasked by a client to perform research around one of the major e-signature cloud offerings. After 2 days of research we were able to reveal some critical design flaws (e.g. RCE via memory corruption that could be exploited from the Internet, by leveraging old-school bugs in third-party libraries).

The developers of the third-party library almost certainly never expected to have their software exposed in such a manner, and this is how local vulnerabilities become Internet-exposed vulnerabilities.

To share some of the detail, David Klein, one of our consultants based in Melbourne, speaks to RiskyBiz on their latest podcast, released this week.

Stay tuned for the upcoming blog post, where more technical details will be discussed, including details of the vulnerability and the exploit, which was crafted by another of our Melbourne-based team, François Goichon.
