Datadog Security Labs researchers developed a new name confusion attack technique known as whoAMI, which allows threat actors to execute arbitrary code within an Amazon Web Services (AWS) account by uploading an Amazon Machine Image (AMI) with a specified name.
The researchers warn that, at scale, this assault can impact thousands of AWS accounts, with approximately 1% of organisations believed to be vulnerable. An Amazon Machine Image (AMI) is a virtual machine image used to start Elastic Compute Cloud (EC2) instances. Users can use the AWS API to search for the latest version of an AMI or provide it by ID.
Datadog Security Labs stated that anyone can publish an AMI to the Community AMI catalogue; in order to verify whether a user searching the catalogue for an AMI ID will receive an official AMI rather than one published by a malicious actor, he can specify the owner attribute.
When searching for AMIs, using the owner attribute may ensure that results are from verified sources such as Amazon or trustworthy providers. If the owners property is not included in an AMI search, an
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: