Researchers discovered a vulnerability in the Amazon Web Service (AWS) Glue service which could allow remote attackers to access sensitive data. The issue was made possible due to an internal configuration error. AWS Glue is a serverless data integration service that allows customers to discover and combine data for machine learning, analytics, and application development. The issue is a privilege escalation flaw that allowed the researchers to gain access to high level administrator accounts and access any data they wanted. Because of the nature of the sensitive data on these servers, it is a high valued target for threat actors.
Headline-grabbing attacks such as Solarwinds, Kaseya, Colonial Pipeline, JBS Foods and the Log4j vulnerability kept