Onus for cloud security falls on customers, but AWS could do more, CISO says
Source: ciodive.com

Dive Brief: Amazon Web Services CISO Stephen Schmidt said the company is unaware of “any other noteworthy” compromises of AWS customers, in response to an inquiry by Senator Ron Wyden, D-Ore., into AWS’ role in Capital One’s data breach. Paige “erratic” Thompson exploited a “Server-Side Request Forgery” (SSRF) vulnerability to gain access, which was amplified by abusing permissions escalation, according to Schmidt. Though SSRF was not the “primary factor” in the bank’s breach, “it’s possible that there have been small