Resource policies lacked a way of restricting service access to only your
own account, allowing an attacker to leverage a service to potentially access
your resources. Originally discovered by Dan ...
Wed, Nov 28th, 2018
Attackers had put malicious AMIs in the marketplace to abuse the CLI''s
way of selecting what AMI to use. Although the concept of planting malicious
AMIs had existed for a while (ex. in the 2009 p...
Mon, Aug 13th, 2018
AWS has previously provided managed policies or guidance in documentation
for policies with mistakes that allow them to be bypassed. Additionally,
some policies are over-privileged. Date of disclos...
Tue, Nov 7th, 2017