This week's articles
AWS Built a Security Tool. It Introduced a Security Risk.
The "Account Assessment for AWS Organizations" tool, designed to audit resource-based policies for risky cross-account access, ironically introduced cross-account privilege escalation risks due to flawed deployment instructions.
#attack
#aws
#iam
Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
This post walks through multiple real-world scenarios, including how a malicious Hugging Face model can escalate privileges, how limited Glue access can impact other services, and how a single default role can ultimately lead to full control of an AWS account.
#attack
#aws
Insecure credential storage plagues MCP
Many MCP environments store long-term API keys for third-party services in plaintext on the local filesystem, often with insecure, world-readable permissions.
#ai
#attack