Threat actors could have exploited a cross-tenant vulnerability in Amazon Web Services AppSync to gain access to resources in other organizations' AWS accounts, SecurityWeek reports.
Researchers from Datadog Security Labs identified the flaw after discovering that the AWS API accepted JSON payloads whose property names used mixed case during validation, which meant the role ARN validation could be bypassed by supplying the ARN under a property with different casing.
"By bypassing the ARN validation, we were able to create AppSync data sources tied to roles in other AWS accounts. This would allow an attacker to interact with any resource associated with a role which trusts the AWS AppSync service in any account," said Datadog.
AWS has already issued a patch addressing the flaw in September, noting that none of its customers have been compromised.
"Analysis of logs going back to the launch of the service has been conducted and we have conclusively determined that the only activity associated with this issue was between accounts owned by the researcher. No other customer accounts were impacted," AWS added.
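The bug class described above, modeled as an added example that is not Datadog's or AWS's code: a validator that looks up the role ARN by its exact property name while the service's own parser accepts any key casing, next to a hardened validator that normalizes keys, rejects colliding spellings, and pins the role to the caller's account. The property name `serviceRoleArn`, the account IDs and the payloads are constructed assumptions.

```python
import json
import re
from typing import Callable, Optional

# Constructed sample values: the calling tenant's account and a role in another account.
CALLER_ACCOUNT = "111111111111"
OWN_ROLE = f"arn:aws:iam::{CALLER_ACCOUNT}:role/AppSyncDataSource"
OTHER_ROLE = "arn:aws:iam::222222222222:role/AppSyncDataSource"
ARN_RE = re.compile(r"^arn:aws:iam::(\d{12}):role/[\w+=,.@/-]+$")

LEGIT = json.dumps({"name": "ds1", "serviceRoleArn": OWN_ROLE})
FOREIGN = json.dumps({"name": "ds1", "serviceRoleArn": OTHER_ROLE})
MIXED_CASE = json.dumps({"name": "ds1", "ServiceRoleArn": OTHER_ROLE})  # same field, different casing


def backend_role_arn(payload: str) -> Optional[str]:
    """Models the service's parser: tolerant of any key casing (the mismatch behind the flaw)."""
    for key, value in json.loads(payload).items():
        if key.lower() == "servicerolearn":
            return value
    return None


def vulnerable_validate(payload: str) -> bool:
    """Flawed pattern: exact-case lookup, so a differently cased key is never checked."""
    arn = json.loads(payload).get("serviceRoleArn")
    if arn is None:
        return True  # treated as "nothing to validate", yet the backend still reads the key
    m = ARN_RE.match(arn)
    return bool(m) and m.group(1) == CALLER_ACCOUNT


def hardened_validate(payload: str) -> bool:
    """Normalize keys before validating, reject ambiguity, require a same-account role."""
    seen: dict = {}
    for key, value in json.loads(payload).items():
        k = key.lower()
        if k in seen:
            return False  # two spellings of one property: ambiguous, reject
        seen[k] = value
    arn = seen.get("servicerolearn")
    if not isinstance(arn, str):
        return False  # a data source must name a role
    m = ARN_RE.match(arn)
    return bool(m) and m.group(1) == CALLER_ACCOUNT


def create_data_source(payload: str, validate: Callable[[str], bool]) -> Optional[str]:
    """Returns the role ARN the data source would be bound to, or None when rejected."""
    return backend_role_arn(payload) if validate(payload) else None
```

With the vulnerable validator the mixed-case payload is bound to the foreign role; the hardened validator rejects it while still accepting the legitimate same-account request.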
As companies migrate to the cloud, the industry needs a new way to manage data and network security, but security analysts warn that only the most well-heeled enterprises can afford the new zero-trust open approach Oracle touts.
Operators of the Bumblebee malware loader have launched a new campaign involving the exploitation of 4shared Web Distributed Authoring and Versioning services following a two-month hiatus, according to BleepingComputer.
Infrequently used Amazon Web Services products AWS Fargate, AWS Amplify, and Amazon SageMaker have been targeted for cryptomining by AMBERSQUID, a new Indonesian cloud-native cryptojacking operation, according to The Hacker News.