December 1, 2023
AirFlow

Security researchers have uncovered misconfiguration in older versions of Apache Airflow that expose sensitive info across major companies across the media, finance, manufacturing, information technology, biotech, e-commerce, health, energy, cybersecurity and transportation industries.

Apache Airflow is an open-source workflow management platform that Airbnb Inc. first designed in 2014 to manage the company’s workflows. The service offers a plug and play platform for data engineers to visualize data pipeline dependencies, progress, logs, code, trigger tasks and success status.

The service has become popular, and therein lies the problem with the misconfiguration of older versions used by many companies. The misconfiguration can be found in Amazon Web Services Inc., Google Cloud Platform, Stripe Inc., PayPal Holdings Inc., Binance Ltd. and Slack Inc among others.

Exposing secrets such as user credentials can cause data leakage or allow attackers to spread further in a system. Customer data exposed as a result of a data leak can lead to a violation of data protection laws and the possibility of legal action.

Threat actors might be able to use these credentials to compromise entire app containers and/or run their own containers using a victim’s billing information.While user information wasn’t directly compromised through these leaks, they open the door to compromises of user data in massive quantities.

Tags:

Leave a Reply

You may have missed

TheCyberThrone Security Week In Review – November 25, 2023

November 30, 2023

BlueVoyant Acquires Conquest Cyber

November 30, 2023

Google Fixes Sixth Chrome ZeroDay of 2023

November 29, 2023

Ardent Health Services affected by a cyber incident

November 29, 2023

GE and DARPA – Claimed Hack raises concerns

November 28, 2023

POC released for Splunk Enterprise Vulnerability- CVE-2023-46214

November 28, 2023
%d bloggers like this: