Hi,
CSA Japan Chapter is translating the Top Threats to Cloud Computing: Egregious Eleven Deep Dive to Japanese and have the following 4 questions. Would somebody give me answers and suggestions for them?
1. Page7 Observations, first paragraph
It says "Data Center Services (CDS)". It seems to be DCS instead of CDS. Am I right?
2. Page8 Capital One, Attack Details, Attack
It says "Over privileged access given to the WAF allowed the attacker to gain access to protected cloud storage (AWS S3 buckets) with the ability to read data sync and exfiltrate sensitive information."
It is unclear for me that "with the ability to read data sync and exfiltrate sensitive information". Could you tell me why the issue is related to the data sync? Is this the one for the AWS Data Sync?
3. Page14 Github, Attack Detail, Vulnerabilities
It says "Vulnerabilities: Insiders - Employees, consultants, etc., with access rights, improperly trained to question or are neglectful when presented with potentially malevolent email."
I do not know what this vulnerability relates to the DDoS attack. Could you tell me why it is related to?
4. Page 24, Zoom,Technical Impacts, Credential compromise
It says "Zoom lost over 500M usernames and passwords". From the following article, it says 500,000 username. It seems that it is 500K instead of 500M. Am I right?
Regards,
- Morozumi
------------------------------
Masahiro Morozumi
Executive Director
CSA Japan Chapter
------------------------------