New ‘ALBeast’ Vulnerability Exposes Weakness in AWS Application Load Balancer

August 22, 2024 at 11:18AM

Israeli cybersecurity company Miggo has discovered a vulnerability named “ALBeast” impacting up to 15,000 Amazon Web Services’ (AWS) Application Load Balancer (ALB) users. The issue allows attackers to bypass authentication controls, potentially compromising exposed cloud applications. Amazon has updated its authentication documentation and recommends implementing additional security measures to mitigate the risk.

ALBeast is a potential security vulnerability in Amazon Web Services’ Application Load Balancer (ALB). It could allow attackers to access affected applications by creating their own ALB instance with authentication configured in their own account, using it to sign a token, and then accessing the target application, bypassing both authentication and authorization.

Following responsible disclosure in April 2024, Amazon updated the authentication feature documentation and added new code to validate the signer. It also recommended restricting targets to receive traffic only from the Application Load Balancer by configuring the targets’ security group to reference the load balancer’s security group ID.
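
The signer validation described above can be sketched as follows. This is an added example, not Amazon's or Miggo's code: it rejects any ALB-issued JWT whose header `signer` field is not the ARN of the application's own load balancer, as a step before the usual signature verification. The ARN, the function names and the sample tokens are constructed placeholders.

```python
import base64
import json

# Assumption: placeholder ARN of the one ALB allowed to front this application.
EXPECTED_SIGNER = ("arn:aws:elasticloadbalancing:us-east-1:111111111111:"
                   "loadbalancer/app/my-alb/0123456789abcdef")


class UntrustedSigner(Exception):
    """Raised when the token was not issued by the expected load balancer."""


def _b64url_decode(segment: str) -> bytes:
    # Restore padding if it was stripped, then decode.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_alb_signer(token: str, expected_signer: str = EXPECTED_SIGNER) -> dict:
    """Return the JWT header only if it names the expected ALB as signer.

    This runs before signature verification; the signature must still be
    verified afterwards against the public key for the header's kid.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise UntrustedSigner("token is not a three-part JWT")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise UntrustedSigner("unreadable JWT header") from exc
    if not isinstance(header, dict):
        raise UntrustedSigner("JWT header is not an object")
    if header.get("alg") != "ES256":
        raise UntrustedSigner("unexpected signing algorithm")
    # Exact string match: a valid token from any other ALB must be rejected.
    if header.get("signer") != expected_signer:
        raise UntrustedSigner(f"signer {header.get('signer')!r} is not our ALB")
    return header


def make_constructed_token(signer: str) -> str:
    """Build a constructed sample token (dummy signature) for the demo."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).decode()
    return ".".join([enc({"alg": "ES256", "kid": "constructed-kid", "signer": signer}),
                     enc({"sub": "constructed-user"}), "constructed-signature"])
```

The check complements, and does not replace, the security group restriction: a target that only accepts traffic from its own load balancer never receives a token signed elsewhere.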

Separately, Acronis disclosed a Microsoft Exchange misconfiguration that could lead to email spoofing attacks. This could allow threat actors to send malicious emails masquerading as trusted entities by bypassing DKIM, DMARC, and SPF protections.
