腾讯网

AWS 云开发工具漏洞可能导致 AWS 账户被彻底接管

安全公司 Aqua 在 AWS 云开发工具(CDK)中发现了一个新漏洞:手动删除 AWS S3 存储桶的对象可能导致黑客完全接管目标的 AWS 账户。虽然 AWS 已经修复了该漏洞,但如果使用的 CDK 为 v2.148.1 或更早版本,则仍需采取行动。 AWS 云开发工具(CDK)是一款 IaC 工具,允许 ...
InfoQ

AWS Launches CDK Migrate and CloudFormation IaC Generator for Infrastructure as Code Adoption

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
CSOonline

Predictable AWS cloud deployment resources allow full account takeover

Amazon Web Services (AWS) is urging its open-source Cloud Development Kit (CDK) users to apply fixes now available for a flaw that, under certain circumstances, can allow complete account takeover.