all InfoSec news
SNS SigningCertUrl improper validation
Aug. 19, 2022, midnight |
The Open Cloud Vulnerability & Security Issue Database www.cloudvulndb.org
that would incorrectly match an S3 bucket named `sns`. This bucket happened to be publicly readable and writeable,
allowing an attacker to forge messages to any user of the official SDK SNS validator.
amazon amazon sns attacker aws certificate default forge messages official regex s3 bucket sdk signature sns validation
More from www.cloudvulndb.org / The Open Cloud Vulnerability & Security Issue Database
GraphNinja
5 days, 13 hours ago |
www.cloudvulndb.org
AWS Amplify IAM role publicly assumable exposure
2 weeks, 5 days ago |
www.cloudvulndb.org
AWS Glue database password leakage
3 weeks, 2 days ago |
www.cloudvulndb.org
Azure Site Recovery privilege escalation
2 months, 3 weeks ago |
www.cloudvulndb.org
Azure HDInsight privilege escalation and DoS vulnerabilities
2 months, 4 weeks ago |
www.cloudvulndb.org
Azure Pipelines Agent poisoned pipeline execution
4 months, 2 weeks ago |
www.cloudvulndb.org
Jobs in InfoSec / Cybersecurity
QA Customer Response Engineer
@ ORBCOMM | Sterling, VA Office, Sterling, VA, US
Enterprise Security Architect
@ Booz Allen Hamilton | USA, TX, San Antonio (3133 General Hudnell Dr) Client Site
DoD SkillBridge - Systems Security Engineer (Active Duty Military Only)
@ Sierra Nevada Corporation | Dayton, OH - OH OD1
Senior Development Security Analyst (REMOTE)
@ Oracle | United States
Software Engineer - Network Security
@ Cloudflare, Inc. | Remote
Software Engineer, Cryptography Services
@ Robinhood | Toronto, ON