all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

EmojiDeploy: Smile! Your Azure Web Service Just Got RCE’d ._.

Add to bookmarks
c
March 29, 2023, 12:20 a.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Ermetic. Written by Liv Matan. The EmojiDeploy vulnerability is achieved through CSRF (Cross-site request forgery) on the ubiquitous SCM service Kudu. By abusing the vulnerability, attackers can deploy malicious zip files containing a payload to the victim's Azure application.ImpactEmojiDeploy allows remote code execution and a full takeover of the targeted application:Running code and commands as the www userTheft or deletion of sensitive dataPhishing campaignsTakeove...

abusing application attackers azure code code execution cross-site cross-site request forgery csrf deletion emojideploy ermetic files forgery malicious payload rce remote code remote code execution request scm service takeover victim vulnerability web zip

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
Cloud Security Alliance (CSA) AI Summit at RSAC to Deliver Critical Tools to Help Meet … 2 days, 13 hours ago | cloudsecurityalliance.org
advice alliance april benefits +19
Cl
7 Common Causes of Data Breach: Safeguarding Your Digital Assets 2 days, 15 hours ago | cloudsecurityalliance.org
assets breach breaches connected +16
Cl
How to Set Your Small Privacy Team Up for Success 3 days, 14 hours ago | cloudsecurityalliance.org
data data protection legislation organizations +11
Cl
The Data Security Risks of Adopting Copilot for Microsoft 365 3 days, 14 hours ago | cloudsecurityalliance.org
ai assistant ai-powered assistant copilot +20
Cl
From gatekeeper to guardian: Why CISOs must embrace their inner business superhero 1 week, 1 day ago | cloudsecurityalliance.org
business ciso cisos firewalls +6
Cl
Cantwell Proposes Legislation to Create a Blueprint for AI Innovation and Security 1 week, 1 day ago | cloudsecurityalliance.org
cantwell chair commerce european union +13
Cl
Sealing Pandora's Box - The Urgent Need for Responsible AI Governance 1 week, 1 day ago | cloudsecurityalliance.org
ai governance attention box code +15
Cl
Remote Code Execution (RCE) Lateral Movement Tactics in Cloud Exploitation 1 week, 1 day ago | cloudsecurityalliance.org
can cloud code code execution +16
Cl
How to Audit Your Outdated Security Processes 1 week, 2 days ago | cloudsecurityalliance.org
advanced audit business compliance +15

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Information Systems Security Officer (ISSO), Junior

@ Dark Wolf Solutions | Remote / Dark Wolf Locations
View on infosec-jobs.com

Cloud Security Engineer

@ ManTech | REMT - Remote Worker Location
View on infosec-jobs.com

SAP Security & GRC Consultant

@ NTT DATA | HYDERABAD, TG, IN
View on infosec-jobs.com

Security Engineer 2 - Adversary Simulation Operations

@ Datadog | New York City, USA
View on infosec-jobs.com
View more jobs