ʇıq
charlievedaa.bsky.social
blue team, GSE #112
Reposted by ʇıq
I’m excited to share our research on the “whoAMI” attack. We discovered that AWS customers pulling AMI IDs insecurely could accidentally use malicious images instead of the legitimate ones— leading to remote code execution.

securitylabs.datadoghq.com/articles/who...
whoAMI: A cloud image name confusion attack | Datadog Security Labs
Detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval.
February 12, 2025 at 4:56 PM