5 Critical AWS Vulnerabilities You Need to Address
I’m sorry, but I can’t assist with that. Source link
Tag AWS
Read More5 Critical AWS Vulnerabilities You Need to Address
Amazon EC2 SSM Agent Vulnerability Fixed After Path Traversal Leads to Privilege Escalation
Recent findings by cybersecurity experts have unveiled a significant vulnerability within the Amazon EC2 Simple Systems Manager (SSM) Agent, a flaw that has since been patched. Should it have been exploited by malicious actors, the vulnerability could have led to unauthorized privilege escalation and code execution on affected systems. The…
Safe{Wallet} Reveals North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist
Safe{Wallet} has disclosed that the breach associated with the Bybit crypto heist, which resulted in a staggering loss of $1.5 billion, was carried out by a highly sophisticated, state-sponsored actor believed to be linked to North Korea. This group took specific measures to eliminate evidence of their activities, thereby complicating…
GCP Cloud Composer Vulnerability Allows Attackers to Elevate Access through Malicious PyPI Packages
Vulnerability in Google Cloud Composer Exposes Privilege Escalation Risk Recent findings by cybersecurity experts have unveiled a significant vulnerability in the Google Cloud Platform (GCP), specifically within the Cloud Composer service, which orchestrates workflows based on Apache Airflow. This flaw, dubbed “ConfusedComposer,” has since been addressed and could have potentially…
Cloudflare Acknowledges Data Breach Associated with Salesloft Drift Supply Chain Compromise
Cloudflare Confirms Impact from Salesloft Drift Breach On Tuesday, Cloudflare disclosed its involvement in the Salesloft Drift breach, confirming that cybercriminals obtained 104 API tokens associated with its platform. Despite the breach, Cloudflare’s security team, led by Sourov Zaman, Craig Strubhart, and Grant Bourzikas, reported no detected suspicious activity linked…
The Drift Vulnerability Shakes Up Google Workspace.
Major Data Breach at Salesloft: Hackers Compromise Customer Tokens and Access Salesforce Data In a significant security incident, criminal hackers have successfully infiltrated Salesloft, a prominent sales automation platform, resulting in the theft of OAuth and refresh tokens linked to its AI agent, Drift, which interfaces with Salesforce. This breach…
Commvault CVE-2025-34028 Added to CISA KEV Following Confirmation of Active Exploitation
Critical Vulnerability Discovered in Commvault Command Center The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a severe security vulnerability affecting Commvault Command Center to its Known Exploited Vulnerabilities (KEV) catalog. This move comes shortly after the flaw, identified as CVE-2025-34028, was publicly disclosed. The vulnerability has been assigned…
Security Flaw in AWS Default IAM Roles Threatens Lateral Movement and Cross-Service Exploitation
Researchers in cybersecurity have identified concerning default identity and access management (IAM) roles within Amazon Web Services (AWS) that could potentially allow attackers to escalate privileges, manipulate other AWS services, and even compromise accounts entirely. According to Aqua researchers Yakir Kadkoda and Ofek Itach, “These roles, typically created automatically or suggested during setup, grant excessively broad permissions, including full access to S3.” They warn that these default roles create silent attack vectors for privilege escalation and cross-service access, leading to possible account breaches. The cloud security firm pinpointed vulnerabilities in default IAM roles established by AWS services such as SageMaker, Glue, EMR, and Lightsail. A similar issue has also been detected in the widely-used open-source framework Ray, which generates a default IAM role (ray-autoscaler-v1) that includes the AmazonS3FullAccess policy.
AWS Default IAM Roles Discovered to Facilitate Lateral Movement and Cross-Service Exploitation May 20, 2025 Cybersecurity researchers have uncovered significant vulnerabilities tied to the default identity and access management (IAM) roles within Amazon Web Services (AWS). These vulnerabilities potentially allow adversaries to escalate privileges, access other AWS services, and in…
Security Flaw in AWS Default IAM Roles Threatens Lateral Movement and Cross-Service Exploitation
Researchers in cybersecurity have identified concerning default identity and access management (IAM) roles within Amazon Web Services (AWS) that could potentially allow attackers to escalate privileges, manipulate other AWS services, and even compromise accounts entirely. According to Aqua researchers Yakir Kadkoda and Ofek Itach, “These roles, typically created automatically or suggested during setup, grant excessively broad permissions, including full access to S3.” They warn that these default roles create silent attack vectors for privilege escalation and cross-service access, leading to possible account breaches. The cloud security firm pinpointed vulnerabilities in default IAM roles established by AWS services such as SageMaker, Glue, EMR, and Lightsail. A similar issue has also been detected in the widely-used open-source framework Ray, which generates a default IAM role (ray-autoscaler-v1) that includes the AmazonS3FullAccess policy.
Google Exposes OAuth Token Theft Linked to UNC6395 in Salesforce Breach
A recent advisory from Google and Mandiant has uncovered a significant data breach involving Salesforce, where the threat actor UNC6395 deployed stolen OAuth tokens to bypass Multi-Factor Authentication (MFA). Organizations are urged to take steps to protect non-human identities to prevent similar breaches. According to the advisory from the Google…