all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

BreakingFormation: API Vulnerability in the AWS CloudFormation API

Add to bookmarks
Jan. 13, 2022, 8:04 p.m. | Aner Morag

Security Boulevard securityboulevard.com




On January 13th, researchers from Orca Security published a vulnerability found in the AWS CloudFormation API, a service that helps users model and set up their AWS resources. The vulnerability allowed the researchers to get file and credential disclosure primitives on an internal AWS service and leverage these to leak sensitive files found on the CloudFormation vulnerable machines. The attack flow then continues to an SSRF (server side request forgery) leveraging the connectivity and permissions of the targeted service.


The …

api aws vulnerability

Visit resource

More from securityboulevard.com / Security Boulevard

Baby ASO: A Minimal Viable Transformation for Your SOC 7 hours ago | securityboulevard.com
aso axiom baby change +16
LabHost Phishing Platform is Latest Target of International Law Agencies 10 hours ago | securityboulevard.com
as-a-service countries cybercriminal cybersecurity +34
Choosing SOC Tools? Read This First [2024 Guide] 10 hours ago | securityboulevard.com
analytics & intelligence array centers clock +36
USENIX Security ’23 – GAP: Differentially Private Graph Neural Networks with Aggregation Perturbation 11 hours ago | securityboulevard.com
access aggregation authors channel +19
SafeBreach Coverage for AA24-109A (Akira Ransomware) 11 hours ago | securityboulevard.com
advisory akira akira ransomware cisa +12
Daniel Stori’s ‘WC’ 13 hours ago | securityboulevard.com
daniel daniel stori humor sarcasm +4
USENIX Security ’23 – Inductive Graph Unlearning 15 hours ago | securityboulevard.com
access authors channel conference +13
From DAST to dawn: why fuzzing is better solution | Code Intelligence 15 hours ago | securityboulevard.com
api security application applications application security +27
Cybersecurity Insights with Contrast CISO David Lindner | 4/19/24 17 hours ago | securityboulevard.com
businesses can cisa ciso +16

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City
View on infosec-jobs.com

Junior Cybersecurity Triage Analyst

@ Peraton | Linthicum, MD, United States
View on infosec-jobs.com

Associate Director, Operations Compliance and Investigations Management

@ Legend Biotech | Raritan, New Jersey, United States
View on infosec-jobs.com

Analyst, Cyber Operations Engineer

@ BlackRock | SN6-Singapore - 20 Anson Road
View on infosec-jobs.com

Working Student/Intern/Thesis: Hardware based Cybersecurity Training (m/f/d)

@ AVL | Regensburg, DE
View on infosec-jobs.com
View more jobs