Dark Reading

Critical AWS Vulnerabilities Allow S3 Attack Bonanza

BLACK HAT USA – Las Vegas – Thursday, Aug. 8 – Six critical vulnerabilities in Amazon Web Services (AWS) could have allowed threat actors to target organizations with remote code execution (RCE), ...
CSOonline

whoAMI name confusion attacks can expose AWS accounts to malicious code execution

Thousands of active AWS accounts are vulnerable to a cloud image name confusion attack that could allow attackers to execute codes within those accounts. According to DataDog research, vulnerable ...
CSOonline

S3 shadow buckets leave AWS accounts open to compromise

Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools. Researchers ...