"Public Cloud Environments Leave Numerous Paths Open For Exploitation"

In a new study conducted by Orca Security, they found that organizations across industries are rapidly deploying more assets in the public cloud with Amazon, Microsoft, and Google, leaving numerous paths open for exploitation. The study found that more than 80 percent of organizations have at least one neglected, internet-facing workload, meaning it’s running on an unsupported operating system or has remained unpatched for 180 days or more. More than half of the organizations had at least one neglected internet-facing workload that has reached its end of life and is no longer supported by manufacturer security updates.  Almost half of the organizations (44 percent) have internet-facing workloads containing secrets and credentials that include clear-text passwords, API keys, and hashed passwords that allow lateral movement across their environment.  Almost a quarter of the organizations have at least one cloud account that doesn’t use multi-factor authentication for the super admin user.  Five percent of the organizations have cloud workloads that are accessible using either a weak or leaked password.

Help Net Security reports: "Public Cloud Environments Leave Numerous Paths Open For Exploitation"