Threat Watch

AWS Patches Glue Bug

Researchers discovered a vulnerability in the Amazon Web Service (AWS) Glue service which could allow remote attackers to access sensitive data. The issue was made possible due to an internal configuration error. AWS Glue is a serverless data integration service that allows customers to discover and combine data for machine learning, analytics, and application development. The issue is a privilege escalation flaw that allowed the researchers to gain access to high level administrator accounts and access any data they wanted. Because of the nature of the sensitive data on these servers, it is a high valued target for threat actors.

Subscribe to Threat Watch

Daily summaries of threats, delivered straight to your inbox!


Click Here to Subscribe to Threat Watch

ANALYST NOTES

Luckily, the research team that discovered the vulnerability within the service reported it to AWS to mitigate. AWS announced that it was fixed before any threat actors had the chance to exploit the vulnerability and steal data.

https://www.infosecurity-magazine.com/news/aws-patches-glue-bug-customer-data/

Facebook Twitter Instagram Youtube Linkedin
Solutions
Become a Reseller

Industries

Resources

About

Contact Us
Contact Support