Dark Reading

Researcher Details Vulnerabilities Found in AWS API Gateway

BLACK HAT EUROPE 2021 — London — All it took was a space between characters and a few random letters, and Web researcher Daniel Thatcher was able to modify the HTTP header sent to Amazon API Gateway.
Bleeping Computer

whoAMI attacks give hackers code execution on Amazon EC2 instances

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. Dubbed "whoAMI ...