Aug 7, 07:10 PM

Researchers Reveal AWS 'Bucket Monopoly' and 'Shadow Resources' Vulnerabilities at Black Hat 2024

Researchers from AquaSecTeam have disclosed critical vulnerabilities in six Amazon Web Services (AWS) services at the Black Hat 2024 conference. These vulnerabilities could potentially allow for account takeover, remote code execution, AI data manipulation, and sensitive information disclosure. The researchers also introduced a new attack vector termed 'shadow resources.' The vulnerabilities were highlighted as part of a presentation on AWS security issues, including a specific attack method referred to as 'Bucket Monopoly,' which could lead to complete account takeover.

#AquaSecTeam #Amazon Web Services #Black Hat #Bucket Monopoly

Written with ChatGPT (GPT-4o).

Sources

Nicolas Krassas@Dinosn
1 year ago
Critical AWS Vulnerabilities Allow S3 Attack Bonanza https://t.co/jHUVJy6t5O
TechTarget News@TechTargetNews
2 years ago
.@AquaSecTeam researchers at #BlackHat2024 showed how they discovered 6 #AWS #vulnerabilities and a new attack vector they call 'shadow resources'. By @RobWright22. https://t.co/PYBsTBKw8p
Jessica Lyons@JessicaHrdcstle
2 years ago
AWS 'Bucket Monopoly' attacks could allow complete account takeover #BlackHatUSA https://t.co/UEIJvvASUP via @theregister

Additional media

Image #1 for story researchers-reveal-aws-bucket-monopoly-shadow-resources-vulnerabilities-black

Image #2 for story researchers-reveal-aws-bucket-monopoly-shadow-resources-vulnerabilities-black

Researchers Reveal AWS 'Bucket Monopoly' and 'Shadow Resources' Vulnerabilities at Black Hat 2024

Sources

Additional media

Similar Stories