Lunch Time Nibbles – 2022-11-28


Welcome to another Lunch Time breakout:

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services
Amazon Web Services (AWS) has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources.
The issue relates to a confused deputy problem, a type of privilege escalation where a program that doesn’t have permission to perform an action can coerce a more-privileged entity to perform the action.
The shortcoming was reported
Read more….

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks
Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks.
BMC refers to a specialized service processor, a system-on-chip (SoC), that’s found in server motherboards and is used for remote monitoring and management of a host system, including
Read more….

Follow for more…


Create a website or blog at

%d bloggers like this: