Technical Information Security Content & Discussion

The original post: /r/netsec by /u/oweillnet on 2024-08-17 14:17:10.

The original post: /r/netsec by /u/sadyetfly11 on 2024-08-16 18:03:59.

The original post: /r/netsec by /u/netsec_burn on 2024-08-16 14:56:24.

The original post: /r/netsec by /u/Adi_r_15 on 2024-08-16 14:48:48.

The original post: /r/netsec by /u/_cydave on 2024-08-16 09:35:51.

The original post: /r/netsec by /u/edward_snowedin on 2024-08-15 17:01:13.

The original post: /r/netsec by /u/oddvarmoe on 2024-08-15 16:36:12.

Goes over a new phishing technique for using udl files for phishing.

The original post: /r/netsec by /u/Fun_Preference1113 on 2024-08-15 12:00:46.

Check out the new research from my colleague and me - we’ve discovered a security bypass in Azure Entra ID Our findings reveal a vulnerability in pass-through authentication that could potentially allow unauthorized access across synced on-prem domains.

The original post: /r/netsec by /u/sadyetfly11 on 2024-08-15 11:57:02.

The original post: /r/netsec by /u/gid0rah on 2024-08-15 08:32:55.

The original post: /r/netsec by /u/Mission-Egg7495 on 2024-08-12 18:16:08.

The original post: /r/netsec by /u/fede_k on 2024-08-09 19:20:35.

The original post: /r/netsec by /u/tracebit on 2024-08-13 14:09:38.

The original post: /r/netsec by /u/dinobyt3s on 2024-08-13 13:02:10.

The original post: /r/netsec by /u/Due_Lengthiness_9329 on 2024-08-13 11:56:19.

The original post: /r/netsec by /u/mattbrwn0 on 2024-08-13 11:54:07.

The original post: /r/netsec by /u/zolakrystie on 2024-08-13 06:17:35.

The original post: /r/netsec by /u/Electronic_Village_8 on 2024-08-13 04:56:59.

The original post: /r/netsec by /u/v33ruiot on 2024-08-12 04:59:15.

The original post: /r/netsec by /u/cydan99 on 2024-08-11 07:26:54.

TL;DR I deployed canary tokens in various public places on the Internet, logged all access attempts, and discovered intriguing patterns on credential discovery and attack methodologies of threat actors.

The original post: /r/netsec by /u/MoCyberB3 on 2024-08-06 17:37:36.

The original post: /r/netsec by /u/hashkitten on 2024-08-10 02:46:21.

The original post: /r/netsec by /u/Pale_Fly_2673 on 2024-08-09 23:01:51.

TL;DR: Uncovered Six Critical AWS Vulnerabilities

We uncovered six severe vulnerabilities in AWS services that exploited predictable S3 bucket names. These vulnerabilities allowed attackers to intercept and manipulate service resources, potentially leading to full account takeovers (depending on the service role's permissions):

1. CloudFormation: Allowed attackers to execute remote code and manipulate data, potentially leading to a full account takeover.
2. Glue: Enabled remote code execution and data exfiltration by injecting malicious code into ETL jobs.
3. EMR: Made it possible for attackers to inject malicious code into Jupyter notebooks, leading to RCE/XSS .
4. SageMaker: data leakage and manipulation, which could alter machine learning model outputs and expose sensitive information.
5. ServiceCatalog: Allowed attackers to inject resources into CloudFormation templates, deploying malicious components or unauthorized admin roles.
6. CodeStar: Facilitated denial of service (DoS) attacks by blocking legitimate service use.

In four out of these six vulnerabilities, attackers needed only the victim's account ID to execute the exploit. This highlights the importance of treating AWS account IDs as confidential information.

Our blog,details these vulnerabilities, describing the "Shadow Resource" attack vector and the "Bucket Monopoly" technique. AWS has fixed these vulnerabilities, but similar attack vectors may still exist in open-source projects and other scenarios.

For detailed insights, mitigation strategies, check out our blog.

The original post: /r/netsec by /u/FreshConversation639 on 2024-08-08 03:07:02.

The original post: /r/netsec by /u/aconite33 on 2024-08-09 14:14:23.