AWS patches bypass bug in CloudTrail API monitoring tool

23-Jan-23

Amazon Web Services (AWS) has addressed a bypass flaw that attackers might have used to get around CloudTrail API monitoring. The vulnerability affects the CloudTrail event logging service, a data source for defenders investigating API operations, according to a January 17 blog post by Nick Frichette, senior researcher at Datadog Security Labs. Defenders may rely heavily on event recording technologies to identify suspicious activity and to conduct forensic investigations after a security incident. CloudTrail tracks and logs AWS environment events along with API usage. However, the Datadog Security Research Team discovered a method for getting around its logging mechanisms, which enabled threat actors to conduct reconnaissance operations in the IAM service without being noticed.
