all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services

Add to bookmarks
Nov. 28, 2022, 11:56 a.m. | noreply@blogger.com (Ravie Lakshmanan)

The Hacker News thehackernews.com

Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources.
The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn't have permission to perform an action can coerce a more-privileged entity to perform the action.
The shortcoming was reported

amazon amazon web services appsync aws researchers services vulnerability web web services

Visit resource

More from thehackernews.com / The Hacker News

Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites 4 hours ago | thehackernews.com
accounts admin automatic bug +18
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures 18 hours ago | thehackernews.com
access actor binary called +19
Network Threats: A Step-by-Step Attack Demonstration 23 hours ago | thehackernews.com
access advanced attack attackers +21
DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions 1 day ago | thehackernews.com
arrest arrests called criminal +17
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny 1 day, 4 hours ago | thehackernews.com
address authority browser chrome +24
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage 1 day, 4 hours ago | thehackernews.com
actor arcanedoor campaign cisco +28
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks 1 day, 21 hours ago | thehackernews.com
april assets attacks command +19
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike 1 day, 21 hours ago | thehackernews.com
attack called campaign cobalt +22
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users 2 days, 1 hour ago | thehackernews.com
app apps baidu chinese +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cyber Security Cloud Solution Architect

@ Microsoft | London, London, United Kingdom
View on infosec-jobs.com

Compliance Program Analyst

@ SailPoint | United States
View on infosec-jobs.com

Software Engineer III, Infrastructure, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com

Cryptography Expert

@ Raiffeisen Bank Ukraine | Kyiv, Kyiv city, Ukraine
View on infosec-jobs.com

Senior Cyber Intelligence Planner (15.09)

@ OCT Consulting, LLC | Washington, District of Columbia, United States
View on infosec-jobs.com
View more jobs