all InfoSec news
MFA enforcement IAM policy bypass
April 25, 2023, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
due to a change implemented by AWS in November 2022 that allowed IAM users to assign
multiple MFA devices to their account. Prior to this change, an attacker that had compromised
credentials could not create and assign a new MFA device to bypass the MFA requirement as they
would need to first deactivate the user’s existing MFA device. Organisations using SSO which
enforces MFA, either via …
access access keys account aws bypass change compromised compromised credentials credentials device devices enforcement iam keys mfa november policy
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
4 days, 9 hours ago |
www.cloudvulndb.org
AWS Amplify IAM role publicly assumable exposure
2 weeks, 4 days ago |
www.cloudvulndb.org
AWS Glue database password leakage
3 weeks, 1 day ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
2 months, 2 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 1 week ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Data Privacy Manager m/f/d)
@ Coloplast | Hamburg, HH, DE
Cybersecurity Sr. Manager
@ Eastman | Kingsport, TN, US, 37660
KDN IAM Associate Consultant
@ KPMG India | Hyderabad, Telangana, India
Learning Experience Designer in Cybersecurity (f/m/div.) (Salary: ~113.000 EUR p.a.*)
@ Bosch Group | Stuttgart, Germany
Senior Security Engineer - SIEM
@ Samsara | Remote - US