An adversary could gain access to IAM credentials in a victim's account, and make an API request to Elastic Beanstalk (even if they didn't have the proper IAM permissions). This request would be di...
Thu, Jun 3rd, 2021
Azure forces the install of an agent on Linux VMs, which contained a vulnerability
that would grant root RCE if an attacker could send a web request to them. Initially,
Microsoft did not update the...
Tue, Jun 1st, 2021
GCP provides an OS Login service for managing SSH access to compute instances using IAM roles.
An attacker could abuse this feature via LXD, Docker (if available on the target system) and
Wed, Mar 17th, 2021