Need to hack thousands of AWS customers? What about on internal AWS systems? Datadog Security Research found that a number of tools, including one published by AWS, are susceptible to name confusion attacks, leading to RCE in vulnerable environments!
securitylabs.datadoghq.com/articles/who...
Detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval.
