
Scott Piper on Twitter: "😱😱😱 This is worse than ChaosDB for AWS. @orcasec gained access to all AWS resources in all AWS accounts! They accessed the AWS internal CloudFormation service. https://t.co/2oCCRvo389 Separately, they did something similar for Glue. https://t.co/BDFMLQI06B… https://t.co/xvPco7aVH0"

submitted by
Style Pass
2022-01-14 17:30:05

AWS security (not employed by Amazon). Developed http://flaws.cloud, CloudMapper, and Parliament. Organizer for @fwdcloudsec. Cloud security historian.


This is worse than ChaosDB for AWS. @orcasec gained access to all AWS resources in all AWS accounts! They accessed the AWS internal CloudFormation service. https://orca.security/resources/blog/aws-cloudformation-vulnerability/ … Separately, they did something similar for Glue. https://orca.security/resources/blog/aws-glue-vulnerability/ … pic.twitter.com/4tp3CLynhs

Given that Orca's security findings happened at the same time as Wiz's ChaosDB and OMIGOD, but that Orca waited to disclose until now (I assume at the request of AWS), I would bet Orca missed out on at least $1B in valuation by delaying. Plus at least Azure paid a bounty.
