all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

Add to bookmarks
Nov. 28, 2022, 11:56 a.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources.
The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action.
The shortcoming was reported

amazon amazon web services appsync researchers services vulnerability web web services

Visit resource

More from thehackernews.com / The Hacker News

AI Company Hugging Face Notifies Users of Suspected Unauthorized Access 1 day ago | thehackernews.com
access advisory artificial artificial intelligence +9
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S. 1 day, 15 hours ago | thehackernews.com
access attack bricked cyber +12
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices 1 day, 18 hours ago | thehackernews.com
attacks critical critical systems cyber +18
Beyond Threat Detection – A Race to Digital Security 1 day, 21 hours ago | thehackernews.com
attack attack surface benefits beyond +15
Russian Hackers Target Europe with HeadLace Malware and Credential Harvesting 1 day, 21 hours ago | thehackernews.com
actor apt28 bear blizzard +24
OpenAI, Meta, TikTok Disrupt Multiple AI-Powered Disinformation Campaigns 1 day, 23 hours ago | thehackernews.com
abuse ai-powered artificial artificial intelligence +21
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw 2 days, 14 hours ago | thehackernews.com
actively exploited agency alerts bug +34
FlyingYeti Exploits WinRAR Vulnerability to Deliver COOKBOX Malware in Ukraine 2 days, 15 hours ago | thehackernews.com
access actor anxiety called +20
Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors 2 days, 16 hours ago | thehackernews.com
access actor alert asia +23

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote
View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC
View on infosec-jobs.com