whoAMI name confusion attacks can expose AWS accounts to malicious code execution | CSO Online

A cloud image name confusion attack, “whoAMI,” can expose thousands of active AWS accounts to malicious code execution. The attack exploits misconfigured software retrieving Amazon Machine Images (AMIs) to create EC2 instances, potentially allowing attackers to execute code within vulnerable AWS accounts. AWS has addressed the issue by introducing Allowed AMIs, a feature that lets users define a trusted allow list for AMI selection.