@securitylabs.datadoghq.com on Bluesky

JavaScript RequiredThis is a heavily interactive web application, and JavaScript is required. Simple HTML interfaces are possible, but that is not what this is. Learn more about Bluesky at bsky.social and atproto.com.

Post

Datadog Security Labs

securitylabs.datadoghq.com

did:plc:jumetvvl73e6vv5abqctisa7

We discovered a pattern in the way many projects retrieve Amazon Machine Images (AMIs), allowing attackers to publish AMIs with specially crafted names and gain code execution within vulnerable accounts. https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/ by @sethsec.bsky.social

2025-02-12T15:29:40.255Z