Researchers warn that a permission associated with the Google Cloud Build service in Google Cloud can be easily abused by attackers with access to a regular account to elevate their privileges and potentially poison container images used in production environments. Google Cloud Build is a CI/CD platform that allows organizations and developers to execute code building tasks on Google Cloud in a variety of programming languages. The service supports importing source code from repositories and cloud storage locations, builds the code based on a configured specification, and produces artifacts such as container images that can be deployed directly into production environments.

The post <i class="fa fa-thumb-tack" aria-hidden="true"></i><img class="slider-image" src="public_html/wp-content/uploads/2017/03/pin_icon.png"/>Attackers can abuse Google Cloud Build to poison production environments appeared first on Cyber Security Minute.