all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

A Confused Deputy Vulnerability in AWS AppSync

Add to bookmarks
Nov. 21, 2022, midnight |

Datadog Security Labs securitylabs.datadoghq.com

We have identified a cross-tenant vulnerability in Amazon Web Services (AWS) that exploits AWS AppSync. This attack abuses the AppSync service to assume IAM roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts. This blog post describes how we discovered the vulnerability, a proof of concept showing how we performed sts:AssumeRole into roles that trust the AppSync service, and our disclosure process with the AWS team.


The …

appsync aws vulnerability

Visit resource

More from securitylabs.datadoghq.com / Datadog Security Labs

A guide to threat hunting and monitoring in Snowflake 2 days, 22 hours ago | securitylabs.datadoghq.com
customers emerging emerging threat environment +7
Non-Production Endpoints as an Attack Surface in AWS 1 week, 5 days ago | securitylabs.datadoghq.com
api api endpoints attack attack surface +13
Malicious PyPI packages targeting highly specific MacOS machines 2 weeks, 3 days ago | securitylabs.datadoghq.com
cluster machines macos malicious +5
Amplified exposure: How AWS flaws made Amplify IAM roles vulnerable to takeover 1 month, 3 weeks ago | securitylabs.datadoghq.com
amplify aws disclosure exposed +11
The XZ Utils backdoor (CVE-2024-3094): Everything you need to know, and more 2 months ago | securitylabs.datadoghq.com
ages backdoor backdoors cve +9
A threat-informed roadmap for securing Kubernetes clusters (KubeCon EU 2024) 2 months, 2 weeks ago | securitylabs.datadoghq.com
attacks clusters controls kubecon +8
Tales from the cloud trenches: Using malicious AWS activity to spot phishing campaigns 2 months, 3 weeks ago | securitylabs.datadoghq.com
aws campaign campaigns cloud +5
Kubernetes security fundamentals: Authentication 3 months, 4 weeks ago | securitylabs.datadoghq.com
authentication fundamentals kubernetes kubernetes security +1
An analysis of a TeamTNT doppelgänger 4 months, 1 week ago | securitylabs.datadoghq.com
analysis api api endpoints backdoors +7

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Senior Security Researcher - Linux MacOS EDR (Cortex)

@ Palo Alto Networks | Tel Aviv-Yafo, Israel
View on infosec-jobs.com

Sr. Manager, NetSec GTM Programs

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

SOC Analyst I

@ Fortress Security Risk Management | Cleveland, OH, United States
View on infosec-jobs.com