CSOonline

AWS access control confusion enables cross-account attacks

The Amazon Web Services identity and access management (IAM) mechanism is complex, and not fully understanding its particularities often leads to misconfigurations and exposed cloud assets.
Business Insider

Lightspin Research Team Discovers Cross-Account Attack Path Leveraging Dangerous S3 Bucket Permissions on AWS

Hackers can achieve public write access to write files to protected S3 buckets and store data at a victim's expense TEL AVIV, Israel, June 3, 2021 /PRNewswire/ -- Lightspin, a pioneer in contextual ...
CSOonline

S3 shadow buckets leave AWS accounts open to compromise

Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools. Researchers ...