The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...
CodeZine(コードジン)

AWS SDK for JavaScript(v3)、Node.js 10.xのサポートを12月31日に終了

CodeZineは、株式会社翔泳社が運営するソフトウェア開発者向けのWebメディアです。「デベロッパーの成長と課題解決に貢献するメディア」をコンセプトに、現場で役立つ最新情報を日々お届けします。
Techzine Europe

CodeBreach enables takeover of AWS GitHub repositories

Wiz discovered a critical vulnerability in AWS CodeBuild that allowed attackers to access core AWS repositories, including the widely used JavaScript SDK.
note

AWS | Amazon ComprehendとAWS SDK for JavaScript v3で感情分析

Node.jsのアプリケーションからAmazon Comprehendを利用した感情分析を簡単に試せたのでメモです。 シンプルです。SDKのinput ...
Infosecurity Magazine

CodeBuild Flaw Put AWS Console Supply Chain At Risk

A critical misconfiguration in AWS CodeBuild has allowed attackers to seize control of core AWS GitHub repositories, including the JavaScript SDK that underpins the AWS Console.
The Register on MSN

A simple CodeBuild flaw put every AWS environment at risk – and pwned the central nervous ...

And it's 'not unique to AWS,' researcher tells The Reg A critical misconfiguration in AWS's CodeBuild service allowed ...