A recently disclosed security flaw in the Google Cloud Platform’s (GCP) Cloud SQL service could have enabled a malicious actor to gain access to confidential data, such as secrets, passwords, and sensitive files, as well as customer data. Dig, an Israeli cloud security firm, identified a multi-stage attack chain that exploited a gap in the cloud platform’s security layer associated with SQL Server, granting the user elevated permissions. This misconfiguration then allowed the actor to take full control of the database server, and access all files hosted on the underlying operating system. Google addressed the issue in April 2023, following the responsible disclosure in February 2023. At the same time, the tech giant announced the availability of its Automatic Certificate Management Environment (ACME) API for all Google Cloud users to automatically acquire and renew TLS certificates for free. This should help protect users from similar security flaws in the future, as well as other threats.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.