Podcasts
Research Saturday
Ep 251
Research Saturday 9.24.22
Ep 251 | 9.24.22

Keeping an eye on RDS vulnerabilities.

Show Notes
Transcript

Gafnit Amiga, Director of Security Research from Lightspin, joins Dave to discuss her team's research "AWS RDS Vulnerability Leads to AWS Internal Service Credentials." The research describes how the vulnerability was caught and right after it was reported, the AWS Security team applied an initial patch limited only to the recent Amazon Relational Database Service (RDS) and Aurora PostgreSQL engines, excluding older versions.

They followed by personally reaching out to the customers affected by the vulnerability and helped them through the update process. The research states "Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension."

The research can be found here:

Research Saturday
Podcast Info
HOST(S):
Dave Bittner
Dave Bittner is a security podcast host and one of the founders at CyberWire. He's a creator, producer, videographer, actor, experimenter, and entrepreneur. He's had a long career in the worlds of television, journalism and media production, and is one of the pioneers of non-linear editing and digital storytelling.
Schedule: Saturdays
Creator: CyberWire, Inc.
Research Saturday
ADVERTISEMENT
Sponsored by CrowdSec
Sponsored by CrowdSec

CrowdSec is a software editor developing the eponym open-source, free, massively multiplayer firewall designed to protect your IT assets against all kinds of attacks. You can also share signals across the community to ensure mutual security and have each other’s backs. Learn more.

Sponsored by Keeper Security
Sponsored by Keeper Security

Keeper is the top-rated cybersecurity platform for protecting organizations of all sizes from the most common password-related data breaches and cyberattacks. Learn more at Keeper Security.