Lightspin Security Research Team Reveals AWS Identity and Access Management Vulnerable to Abuse

Home Forums Discussions at SecurityWorld Lightspin Security Research Team Reveals AWS Identity and Access Management Vulnerable to Abuse

Viewing 0 reply threads
  • Author
    Posts

    • Jay Bartlett
      Keymaster

      Lightspin announced the results of its research, which discovered a gap between AWS Identity and Access Management user and group policies that an attacker can abuse to take over accounts, delete group members, steal data and shut down services. The research team was able to compromise dozens of accounts by using this technique. Lightspin researchers discovered that many security administrators were unaware that AWS IAM rules do not work the same way as Azure Active Directory or other authorization mechanisms.

      [See the full post at: Lightspin Security Research Team Reveals AWS Identity and Access Management Vulnerable to Abuse]

      #513519 Reply
Viewing 0 reply threads
How you feel about it?
Your information: