Amazon CloudFront

MindPoint Group researchers discovered a security flaw in Amazon CloudFront’s Content Delivery Network (CDN) that allowed them to hijack subdomains from legitimate websites. This vulnerability exists within Amazon CloudFront’s CDN routing mechanism that links a website’s domain and subdomains to a specific server. If exploited, a remote threat actor could point misconfigured subdomains to their own endpoints and use them to deliver malicious content to unsuspecting visitors. After being notified of the flaw, Amazon took ownership of over 2,000 domains that MindPoint Group researchers hijacked during their demonstration and now uses those pages to display a warning for website owners. Additionally, Amazon launched new AWS security tools for customers. More information about the flaw and Amazon’s new security tools is available via Bleeping Computer. The NJCCIC recommends all Amazon CloudFront administrators review the MindPoint Group report titled CloudFront Hijacking and follow the recommendations included to secure their CloudFront distributions.