Critical vulnerabilities found across all cloud providers


A new report from CyCognito highlights critical security vulnerabilities across cloud-hosted material, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets.
Though uncommon, critical vulnerabilities (CVSS 9.0 or higher) have been detected on assets hosted by all cloud providers, with assets hosted by Azure showing a slightly higher percentage (0.07 percent) compared to assets hosted by AWS and Google Cloud (0.04 percent).
"While cloud computing offers tremendous benefits, we're seeing an alarming increase in serious security issues affecting cloud assets," says Emma Zaballos, senior researcher at CyCognito. "Organizations must understand the crucial difference between high-severity vulnerabilities and those that are easily exploitable -- both present distinct risks that require targeted security approaches."
The research finds that 38 percent of assets hosted by Google Cloud were vulnerable to at least one security issue or misconfiguration, over 2.5x more than assets hosted by AWS (15 percent), while assets hosted by Azure ranked second with 27 percent.
Vulnerabilities are more common outside of the hyper-scale cloud providers. Over 13 percent of assets hosted on other clouds and 10 percent on other hosting providers had easily exploitable vulnerabilities, compared to five percent hosted on Google Cloud and just two percent on AWS and Azure.
Assets with both critical and easily exploitable issues were found across all providers though, with AWS showing the lowest rate (0.02 percent) while alternative cloud and hosting providers showed rates ten times higher.
"Security teams must focus on testing applications after they're deployed, not just during development," adds Zaballos. "Dynamic application security testing is crucial as it actively tests live assets, uncovering application vulnerabilities and misconfigurations that static tools miss."
The research comes as CyCognito has announced a new partnership with Wiz to enhance protection of cloud environments. CyCognito enriches Cloud-Native Application Protection Platform (CNAPP) coverage by identifying externally exposed cloud assets and detecting their vulnerabilities and misconfigurations using more than 80,000 active and passive tests.