Experts Uncover Serious AWS Flaws That Lead to RCE, Data Theft, and Full-Service Takeover

August 9, 2024Ravi LakshmananCloud Security / Data Protection

Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, could lead to serious consequences.

“The impact of these vulnerabilities ranges from remote code execution (RCE), full-service user hijacking (which can provide powerful administrative access), manipulation of artificial intelligence modules, exposure of sensitive data, data theft, and denial of service,” cloud security firm Aqua said in a detailed report shared with The Hacker News.

Following responsible disclosure in February 2024, Amazon addressed the shortcomings over several months from March to June. The findings were presented at Black Hat USA 2024.

Central to the problem, dubbed Bucket Monopoly, is an attack vector called Shadow Resource, which in this case refers to the automatic creation of an AWS S3 bucket when using services such as CloudFormation, Glue, EMR, SageMaker, ServiceCatalog, and CodeStar.

The S3 bucket name generated in this way is both unique and follows a predefined naming convention (“cf-templates-{Hash}-{Region}”). An attacker could take advantage of this behavior to set up buckets in unused AWS regions and wait for a legitimate AWS customer to use one of the susceptible services, thereby gaining covert access to the contents of the S3 bucket.


Depending on the permissions granted to the adversary-controlled S3 bucket, this approach can be escalated to trigger a DoS condition, execute code, manipulate or steal data, and even gain full control of the victim’s account without the user’s knowledge.

To maximize their chances of success using Bucket Monopoly, attackers can create unclaimed buckets in all available regions in advance and store malicious code in them. When a target organization first enables one of the vulnerable services in a new region, malicious code will be unknowingly executed, which could lead to the creation of an administrative user that could hand control over to attackers.

[Figure: CloudFormation Vulnerability Overview]

However, it is important to note that for a successful attack, an attacker would have to wait until the victim first deploys a new CloudFormation stack in a new region. Modifying the CloudFormation template file in the S3 bucket to create a fake admin user also depends on whether the victim account has permission to manage IAM roles.

[Figure: Glue Vulnerability Overview]

[Figure: CodeStar Vulnerability Review]

Aqua said it discovered five other AWS services that rely on a similar naming methodology for S3 buckets, {Service Prefix}-{AWS Account ID}-{Region}, exposing them to Shadow Resource attacks and ultimately allowing a threat actor to escalate privileges and perform malicious activities, including DoS, information disclosure, data manipulation, and arbitrary code execution:

  • AWS Glue: aws-glue-assets-{Account-ID}-{Region}
  • AWS Elastic MapReduce (EMR): aws-emr-studio-{Account-ID}-{Region}
  • AWS SageMaker: sagemaker-{Region}-{Account-ID}
  • AWS CodeStar: aws-codestar-{Region}-{Account-ID}
  • AWS Service Catalog: cf-templates-{Hash}-{Region}

The company also noted that AWS account IDs should be considered secret, contrary to what Amazon states in its documentation, as they can be used to stage similar attacks.

“This attack vector affects not only AWS services, but also many open source projects used by organizations to deploy resources in their AWS environment,” Aqua said. “Many open source projects automatically create S3 buckets as part of their functionality or instruct their users to deploy S3 buckets.”

“Instead of using predictable or static identifiers in the bucket name, it is preferable to create a unique hash or random identifier for each region and account by including this value in the S3 bucket name. This approach helps protect against attackers who prematurely claim your bucket.”
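The naming patterns listed above let a defender audit an account's own bucket inventory for predictable names it does not yet hold in each region, and the closing recommendation can be applied when naming new buckets. The Python below is an added example, not code from Aqua, AWS or the original article; the account ID, regions, inventory and function names are constructed, and it assumes one account's cf-templates hash is the same in every region.

```python
import re
import secrets

# Patterns as listed in the article. The cf-templates hash is not derivable
# from the account ID, so it is recovered from buckets the account already owns.
DERIVABLE = {
    "Glue": "aws-glue-assets-{account}-{region}",
    "EMR": "aws-emr-studio-{account}-{region}",
    "SageMaker": "sagemaker-{region}-{account}",
    "CodeStar": "aws-codestar-{region}-{account}",
}
CF_RE = re.compile(r"^cf-templates-([a-z0-9]+)-([a-z0-9-]+)$")


def unclaimed_shadow_names(account, regions, owned):
    """Return (service, region, bucket) for predictable names the account does not hold."""
    owned = set(owned)
    expected = [(svc, region, pat.format(account=account, region=region))
                for svc, pat in DERIVABLE.items() for region in regions]
    # Assumption: one account uses the same cf-templates hash in every region.
    hashes = {m.group(1) for m in map(CF_RE.match, owned) if m}
    expected += [("CloudFormation", region, f"cf-templates-{h}-{region}")
                 for h in sorted(hashes) for region in regions]
    return [row for row in expected if row[2] not in owned]


def randomized_bucket_name(prefix, region):
    """Bucket name carrying 64 random bits, per the article's recommendation."""
    name = f"{prefix}-{secrets.token_hex(8)}-{region}"
    # S3 names: 3-63 chars, lowercase letters, digits, dots and hyphens.
    if not re.fullmatch(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]", name):
        raise ValueError(f"not a valid S3 bucket name: {name}")
    return name


# Constructed sample data: placeholder account ID and bucket inventory.
ACCOUNT = "111122223333"
REGIONS = ["us-east-1", "eu-west-1"]
OWNED = [
    "aws-glue-assets-111122223333-us-east-1",
    "sagemaker-us-east-1-111122223333",
    "cf-templates-1a2b3c4d5e6f-us-east-1",
    "app-logs-prod",
]

if __name__ == "__main__":
    for svc, region, bucket in unclaimed_shadow_names(ACCOUNT, REGIONS, OWNED):
        print(f"{svc:15} {region:10} {bucket}")
```

Each row in the output is a name to verify or claim before the corresponding service is first enabled in that region; in practice the inventory would come from the account's own bucket listing.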
