Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account.
« If executed at scale, this attack could be used to gain access to thousands of accounts, » Datadog Security Labs researcher Seth Art said in a report
