Cloud Security, Supply chain

IBM Cloud flaw addressed

SecurityWeek reports that IBM has issued a fix for the Hell's Keychain vulnerability discovered by Wiz security researchers in IBM Cloud Databases for PostgreSQL. IBM noted that the patch has been applied automatically, that no additional action is needed, and that Hell's Keychain has not been actively exploited. Hell's Keychain, which is composed of three chained secrets and permissive network access, was the first-ever supply chain attack vector affecting the infrastructure of a cloud provider, according to Wiz. "This attack vector could allow malicious actors to remotely execute code in customers' environments to read and modify the data stored in the PostgreSQL database," said Wiz, which noted that trusted IBM Cloud repositories could also be modified to force malicious code execution. Wiz has also published a technical description of the vulnerability in a blog post. "Hell's Keychain reinforces the importance of proper secrets management, network controls, and tenant isolation, especially in large and complex cloud environments," Wiz added.
