
image credit: adobe stock
It’s a familiar story: A feature designed for convenience is used to sidestep security measures. In this presentation from Black Hat USA 2021, a pair of researchers show how they found three separate ways to hop between accounts on AWS. Even though fixes for those vulnerabilities were released quickly, the holes reveal that cloud services do not offer the level of isolation expected. The long-term solution may mean changing how the cybersecurity sector handles CVEs.