Critical Vulnerabilities Discovered in Six AWS Cloud Services
2 Sources
2 Sources
[1]
Aqua Detects Vulnerability In Six AWS Services
A new attack vector could allow unauthorized users to breach AWS accounts through malicious code embedded in S3 buckets; the vulnerabilities were promptly fixed by AWS Aqua Security, the pioneer in cloud native security, has unveiled new research by its cyber research team, Nautilus, addressing critical vulnerabilities in six AWS services. The potential impacts include remote code execution (RCE), full-service user takeover which might provide powerful administrative access, manipulation of AI modules, exposing sensitive data, data exfiltration and denial of service. The vulnerabilities were quickly acknowledged and fixed by AWS. "When creating a new service in AWS, there are internal dependencies and complexities that cloud users and developers might not be aware of," said Yakir Kadkoda, Lead Researcher at Aqua Security. "We found that under some conditions, an attacker could exploit gaps to gain access to and even take over AWS accounts." The vulnerabilities were found in the following AWS services: CloudFormation, Glue, EMR, SageMaker, ServiceCatalog and CodeStar. When creating any of these services in a new region for the first time, an S3 bucket is automatically created with a certain name. This name is divided into the name of the service of the AWS account ID (in most services mentioned above) and the name of the region. Thus, across all AWS regions, the bucket name remains the same, differing only by the region name. Aqua Nautilus uncovered how attackers could discover the buckets' names or guess predictable parts of the bucket name. Subsequently, using a method dubbed "Bucket Monopoly," the attackers can create these buckets in advance in all available regions, essentially performing a landgrab, then store malicious code in the bucket. When the targeted organization enables the service in a new region for the first time, the malicious code will be unknowingly executed by the targeted organization, potentially resulting in the creation of an admin user in the targeted organization granting control to the attackers. "Because S3 bucket names are unique across all of AWS, if you capture a bucket, it's yours and no one else can claim that name," said Ofek Itach, Aqua Nautilus Security Researcher. "We demonstrated how S3 can become a 'shadow resource,' and how easily attackers can discover or guess it and exploit it." "This finding is a significant part of Nautilus and Aqua's mission," said Kadkoda. "Our aim is to improve the security of the cloud and enable organizations to use it safely. Our responsible disclosure of findings to the AWS security team, and their professional response, prevented what could have been a massive initial access point for attackers, protecting the cloud environments of many organizations." The research was first presented at Black Hat on Wednesday, August 7, and the blog with full details will be available following the DEF CON session on Friday, August 9 at 2:30pm PST / 5:30pm EST at Aquasec.com. About Aqua Nautilus Aqua Nautilus is a security research team whose mission is to analyze the evolving cloud native threat landscape, uncovering new threats targeting containers, Kubernetes, serverless, applications' software supply chains and cloud infrastructure. The team aims to help Aqua customers, and the community at large protect against the unknown, zero-day and emerging threats, turning insights from real-world attacks into powerful, intelligence-driven protection within the Aqua Platform. About Aqua Security Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn't slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world's largest enterprises. For more information, visit https://www.aquasec.com.
[2]
Aqua Discovers Critical Vulnerabilities In Six AWS Cloud Services
A new attack vector could allow unauthorized users to breach AWS accounts through malicious code embedded in S3 buckets; the vulnerabilities were promptly fixed by AWS Aqua Security, the pioneer in cloud native security, has unveiled new research by its cyber research team, Nautilus, addressing critical vulnerabilities in six AWS services. The potential impacts include remote code execution (RCE), full-service user takeover which might provide powerful administrative access, manipulation of AI modules, exposing sensitive data, data exfiltration and denial of service. The vulnerabilities were quickly acknowledged and fixed by AWS. "When creating a new service in AWS, there are internal dependencies and complexities that cloud users and developers might not be aware of," said Yakir Kadkoda, Lead Researcher at Aqua Security. "We found that under some conditions, an attacker could exploit gaps to gain access to and even take over AWS accounts." The vulnerabilities were found in the following AWS services: CloudFormation, Glue, EMR, SageMaker, ServiceCatalog and CodeStar. When creating any of these services in a new region for the first time, an S3 bucket is automatically created with a certain name. This name is divided into the name of the service of the AWS account ID (in most services mentioned above) and the name of the region. Thus, across all AWS regions, the bucket name remains the same, differing only by the region name. Aqua Nautilus uncovered how attackers could discover the buckets' names or guess predictable parts of the bucket name. Subsequently, using a method dubbed "Bucket Monopoly," the attackers can create these buckets in advance in all available regions, essentially performing a landgrab, then store malicious code in the bucket. When the targeted organization enables the service in a new region for the first time, the malicious code will be unknowingly executed by the targeted organization, potentially resulting in the creation of an admin user in the targeted organization granting control to the attackers. "Because S3 bucket names are unique across all of AWS, if you capture a bucket, it's yours and no one else can claim that name," said Ofek Itach, Aqua Nautilus Security Researcher. "We demonstrated how S3 can become a 'shadow resource,' and how easily attackers can discover or guess it and exploit it." "This finding is a significant part of Nautilus and Aqua's mission," said Kadkoda. "Our aim is to improve the security of the cloud and enable organizations to use it safely. Our responsible disclosure of findings to the AWS security team, and their professional response, prevented what could have been a massive initial access point for attackers, protecting the cloud environments of many organizations." The research was first presented at Black Hat on Wednesday, August 7, and the blog with full details will be available following the DEF CON session on Friday, August 9 at 2:30pm PST / 5:30pm EST at Aquasec.com. About Aqua Nautilus Aqua Nautilus is a security research team whose mission is to analyze the evolving cloud native threat landscape, uncovering new threats targeting containers, Kubernetes, serverless, applications' software supply chains and cloud infrastructure. The team aims to help Aqua customers, and the community at large protect against the unknown, zero-day and emerging threats, turning insights from real-world attacks into powerful, intelligence-driven protection within the Aqua Platform. About Aqua Security Aqua Security is the pioneer in securing containerized cloud native applications from development to production. Aqua's full lifecycle solution prevents attacks by enforcing pre-deployment hygiene and mitigates attacks in real time in production, reducing mean time to repair and overall business risk. The Aqua Platform, a Cloud Native Application Protection Platform (CNAPP), integrates security from Code to Cloud, combining the power of agent and agentless technology into a single solution. With enterprise scale that doesn't slow development pipelines, Aqua secures your future in the cloud. Founded in 2015, Aqua is headquartered in Boston, MA and Ramat Gan, IL protecting over 500 of the world's largest enterprises. For more information, visit https://www.aquasec.com.
Share
Share
Copy Link
Aqua Security's research team uncovers significant security flaws in multiple Amazon Web Services (AWS) offerings, potentially impacting millions of cloud deployments worldwide.
Aqua Security Uncovers Major AWS Vulnerabilities
Aqua Security, a leader in cloud native security, has revealed critical vulnerabilities affecting six Amazon Web Services (AWS) offerings. The discovery, made by Aqua's research team, Team Nautilus, has significant implications for cloud security and potentially impacts millions of cloud deployments globally
1
.Affected AWS Services
The vulnerabilities were found in the following AWS services:
- AWS CloudFormation
- AWS Glue
- AWS Elastic Disaster Recovery
- AWS SageMaker
- AWS AppSync
- AWS Cognito
These services are widely used for various cloud operations, including infrastructure management, data integration, disaster recovery, machine learning, API development, and user authentication
2
.Nature of the Vulnerabilities
The discovered flaws primarily revolve around server-side request forgery (SSRF) and remote code execution (RCE) vulnerabilities. These types of vulnerabilities can potentially allow attackers to gain unauthorized access to sensitive data or execute malicious code on affected systems
1
.Responsible Disclosure and AWS Response
Adhering to responsible disclosure practices, Aqua Security promptly reported these vulnerabilities to AWS. The cloud giant has since addressed and patched all the reported issues, demonstrating a swift response to potential security threats
2
.Implications for Cloud Security
This discovery underscores the ongoing challenges in maintaining security in complex cloud environments. It highlights the importance of continuous security monitoring and the need for cloud service providers to regularly audit and update their systems
1
.Related Stories
Aqua Security's Role
Aqua Security's proactive approach in identifying these vulnerabilities showcases the crucial role of cybersecurity firms in maintaining the integrity of cloud ecosystems. Their research team, Team Nautilus, continues to be at the forefront of identifying potential threats in cloud native environments
2
.Recommendations for AWS Users
While AWS has patched the vulnerabilities, users of these services are advised to ensure they are running the latest versions and to follow AWS's best practices for security. Regular security audits and staying informed about potential vulnerabilities remain crucial for maintaining robust cloud security
1
.References
Summarized by
Navi
Related Stories
Amazon's AI Coding Assistant Q Compromised: Hacker Injects Data-Wiping Commands
25 Jul 2025•Technology
Critical Vulnerabilities in Nvidia's Triton Inference Server Expose AI Models to Potential Attacks
05 Aug 2025•Technology
AI-Assisted Supply Chain Attack on Nx NPM Packages Exposes Thousands of Developer Credentials
28 Aug 2025•Technology
Weekly Highlights
Weekly Highlights
Today's Top Stories
Your Daily Dose of Curated AI News
Don’t drown in AI news. We cut through the noise - filtering, ranking and summarizing the most important AI news, breakthroughs and research daily. Spend less time searching for the latest in AI and get straight to action.
