Last Week in Cloud Security — August 29
August 22 — August 29
Vulnerabilities and Case Studies
Privilege Escalation via AWS Signer to Sign Code using Unauthorized ACM Certificate
AWS ACM has a missing security boundary that allows users with AWS Signer permissions — but without ACM permissions — to sign code using any ACM certificate within the same account. This bypasses critical security checks, enabling unauthorized code to be signed and potentially distributed as legitimate software. This can lead to significant security risks, including data breaches and system compromises.
2 TB of Sensitive “ServiceBridge” Records Exposed in Cloud Misconfiguration
A major database misconfiguration exposed millions of sensitive records belonging to ServiceBridge customers. Learn about the risks and consequences of this data exposure and how businesses can protect themselves from similar incidents.
How some Let’s Encrypt renewal failures pointed to an AWS traffic hijacking issue
A BGP-based feature of the AWS Direct Connect service allowed a third party to inject an incorrect route for an external IP assigned to me, effectively hijacking my AWS-sourced traffic.
TotalCloud Insights: When Multi-Factor Authentication Turns Into Single-Factor Authentication
In this article, we will give a short primer on why it is important to unpack MFA failures like this one, explore the details of the Retool attack, and outline the critical lessons learned for enhancing cloud security.
Worth Knowing
Cryptomator: Open-source cloud storage encryption
Cryptomator offers open-source, client-side encryption of your files in the cloud. It’s available for Windows, Linux, macOS and iOS.
Four risks of low-code/no-code in cloud security — and how to manage them
In today’s cloud-first world, organizations strive to enhance their security posture while staying agile. Low-code and no-code platforms have emerged as powerful tools that let users build applications and automate workflows with little to no programming expertise. These platforms are transforming cloud security by streamlining complex processes and allowing rapid deployment of security products. However, they also introduce potential risks that teams must carefully manage to maintain a strong security framework.
Your Feedback
Thanks for reading! We’ll be happy to get your claps 👏 or any feedback in the comments below.
