"Google Cloud's 'Dataproc' Abuse Risk Endangers Corporate Data Stores"

In one of Google's cloud services for data scientists, lax security controls could allow hackers to create applications, execute operations, and access data in Internet-facing environments. The problem stems from Google Cloud's "Dataproc," a managed service for running large-scale data processing and analytics workloads using Apache Hadoop, Spark, and over 30 other open source tools and frameworks. An "abuse risk" to Dataproc, as described by the Orca Research Pod on December 12, is based on the presence of two default open firewall ports used by Dataproc. If an attacker can compromise a server in an exposed cloud environment, they could exploit missing security checks to access connected resources, such as data scientists' sensitive data. They could also experiment with their cloud environments in various ways. This article continues to discuss the new way hackers could abuse the cloud.

Dark Reading reports "Google Cloud's 'Dataproc' Abuse Risk Endangers Corporate Data Stores"

Submitted by grigby1