Wednesday, April 22, 2026

Vercel Breach Uncovered OAuth Gap Threatens Security Teams

A recent security incident at Vercel, a prominent cloud platform, has highlighted a critical and often overlooked vulnerability: the OAuth gap. The breach, which saw attackers gain unauthorised access to Vercel's internal systems, originated from a seemingly innocuous action – an employee installing a third-party AI tool, Context.ai, and granting it broad permissions via their corporate Google Workspace account. This incident underscores how easily a single compromised account can become a gateway to sensitive production environments.

The attackers exploited a chain of events starting with an infection on an employee's machine at Context.ai, which led to the theft of various credentials, including Google Workspace logins. This access was then leveraged to gain entry into Vercel's systems through the pre-existing OAuth grant. A key factor in the escalation was the attacker's ability to access environment variables that were not marked as “sensitive,” which were stored in plaintext and accessible via Vercel's dashboard and API. This allowed them to gather further credentials and move laterally within Vercel's infrastructure.

The incident also revealed that the compromised Context.ai extension possessed a second OAuth grant, allowing read access to users' Google Drive files, further widening the potential attack surface. Security experts point out that most security teams struggle to detect, scope, or contain such breaches because they lack visibility into the OAuth permissions granted by employees to third-party applications, especially AI tools, which are increasingly becoming the new frontier of shadow IT. The extended dwell time between Context.ai's detection of the breach and Vercel's public disclosure also raises concerns about vendor notification timelines. The breach serves as a stark reminder of the need for stringent governance over AI tool integrations and a robust approach to third-party risk management, as the speed and sophistication of attacks, potentially accelerated by AI, continue to grow.
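One way to get the visibility described above is to inventory third-party OAuth grants and group the broad ones by application. The following is an added example, not code from the article or from either vendor; the record fields (`clientId`, `displayText`, `scopes`, `userKey`) follow the Admin SDK Directory API token resource, while the sample records, the app names and the choice of which scopes count as broad are assumptions.

```python
import json
from collections import defaultdict

# Assumption: scopes this audit treats as broad. Tune to your own policy.
BROAD_SCOPES = {
    "https://www.googleapis.com/auth/drive": "full Drive access",
    "https://www.googleapis.com/auth/drive.readonly": "read all Drive files",
    "https://mail.google.com/": "full Gmail access",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
}

# Constructed sample grants (hypothetical apps and users, not incident data).
SAMPLE_GRANTS = json.loads("""[
 {"clientId": "client-a.example", "displayText": "Example AI Assistant",
  "userKey": "u-1001",
  "scopes": ["openid", "email", "https://www.googleapis.com/auth/drive.readonly"]},
 {"clientId": "client-a.example", "displayText": "Example AI Assistant",
  "userKey": "u-1002",
  "scopes": ["https://www.googleapis.com/auth/drive.readonly"]},
 {"clientId": "client-b.example", "displayText": "Example Calendar Helper",
  "userKey": "u-1001",
  "scopes": ["https://www.googleapis.com/auth/calendar.readonly"]},
 {"clientId": "client-c.example", "displayText": "Example Backup",
  "userKey": "u-1003",
  "scopes": ["https://www.googleapis.com/auth/drive"]}
]""")

def audit_grants(grants, approved_client_ids=frozenset()):
    """Group broad-scope grants by app so each finding lists every affected user."""
    findings = defaultdict(lambda: {"app": None, "users": set(), "scopes": set()})
    for grant in grants:
        if grant["clientId"] in approved_client_ids:
            continue  # reviewed and accepted by the security team
        broad = {s for s in grant.get("scopes", []) if s in BROAD_SCOPES}
        if not broad:
            continue  # identity-only or narrow scopes
        finding = findings[grant["clientId"]]
        finding["app"] = grant.get("displayText", "(unnamed)")
        finding["users"].add(grant["userKey"])
        finding["scopes"] |= broad
    return dict(findings)

def report(findings):
    """One line per app, most widely granted first."""
    ranked = sorted(findings.items(), key=lambda kv: (-len(kv[1]["users"]), kv[0]))
    return [f"{f['app']} ({cid}): {len(f['users'])} user(s); "
            + ", ".join(sorted(BROAD_SCOPES[s] for s in f["scopes"]))
            for cid, f in ranked]

if __name__ == "__main__":
    print("\n".join(report(audit_grants(SAMPLE_GRANTS, {"client-c.example"}))))
```

Grouping by `clientId` gives the scoping answer an incident responder needs first: which users granted a given app access, and to what.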

Original source: https://venturebeat.com/security/vercel-breach-exposes-the-oauth-gap-most-security-teams-cannot-detect-scope-or-contain

Article generated by LaRebelionBOT