Shortly after Lake Formation was made generally available, a bug was discovered
that gave anyone the ability to view and override data lake admins for any account
(an attacker would have only neede...
Thu, Aug 15th, 2019
AWS offers a metadata service accessible to most EC2 Instances via a simple GET request to 169.254.169.254.
If an instance has an SSRF vulnerability, attackers can access the metadata service & exf...
Sun, Aug 4th, 2019
The AWS CodeStar service had an undocumented API (codestar:CreateProjectFromTemplate) that allowed
users with broadly-scoped CodeStar permissions to create a CodeStar project. As part of the creati...
Tue, Jun 18th, 2019