Top

Tag: aws


Data loss, Threats & Malware

Wyze admits 13,000 users could have viewed strangers’ camera feeds

February 20, 2024

Via: The Register

Smart home security camera slinger Wyze is telling customers that a cybersecurity “incident” allowed thousands of users to see other people’s camera feeds. Thanks to a helpful Reg reader who sent a customer email over to us, we know that […]


Threats & Malware, Virus & Malware

Wyze users slammed by service outage, severing connection to app and cameras

February 16, 2024

Via: TechRadar

Smart home brand Wyze Labs recently suffered through a massive service outage with users flooding the internet with reports stating their security cameras no longer work. The issues people are experiencing vary case by case. There are posts on the […]


Threats & Malware, Virus & Malware

FBI: Beware of thieves building Androxgh0st botnets using stolen creds

January 17, 2024

Via: The Register

Crooks are exploiting years-old vulnerabilities to deploy Androxgh0st malware and build a cloud-credential stealing botnet, according to the FBI and the Cybersecurity and Infrastructure Security Agency (CISA). In a joint warning issued on Tuesday, the US government agencies said the […]


Network security, Security

AWS Kill Switch: Open-source incident response tool

November 27, 2023

Via: Help Net Security

AWS Kill Switch is an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. The solution includes a Lambda function and proof of concept client. You can either adopt this client or […]


Network security, Security

Trellix accelerates threat detection and response with GenAI capabilities

November 27, 2023

Via: Help Net Security

Trellix announced its generative artificial intelligence (GenAI) capabilities, built on Amazon Bedrock and supported by Trellix Advanced Research Center. Amazon Bedrock is a fully managed service from AWS making foundation models (FMs) from leading AI companies accessible via an API […]


Data loss, Threats & Malware

Cryptojackers steal AWS credentials from GitHub in 5 minutes

October 30, 2023

Via: The Register

Security researchers have uncovered a multi-year cryptojacking campaign they claim autonomously clones GitHub repositories and steals their exposed AWS credentials. Given the name “EleKtra-Leak” by researchers at Palo Alto Networks’s Unit 42, the criminals behind the campaign are credited with […]


Threats & Malware, Virus & Malware

HTTP/2 Rapid Reset Zero-Day Largest DDoS Attack in Internet History

October 12, 2023

Via: SecureWorld

In recent months, the cybersecurity world has been shaken by the revelation of a sophisticated and unprecedented cyber threat: the HTTP/2 Rapid Reset Zero-Day vulnerability. This exploit, tracked as CVE-2023-44487, enabled cybercriminals to orchestrate what has been dubbed the largest […]


Network security, Security

Arcserve and Wasabi join forces to protect mission-critical data across diverse workloads

October 5, 2023

Via: Help Net Security

Arcserve announced it is partnering with Wasabi Technologies to introduce an integrated total unified data solution package. Exclusively available through Climb Distribution, this offering combines Arcserve’s Unified Data Protection UDP 9.0 and above with Wasabi’s immutable cloud storage, ensuring a […]


Data loss, Threats & Malware

Misconfigured WBSC server leaks thousands of passports

September 29, 2023

Via: Security Affairs

On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 files. A bucket is a container for storing data within AWS’s cloud storage system. The misconfiguration exposed the repository’s contents. According to our team, […]


Threats & Malware, Virus & Malware

New cryptojacking attacks target uncommon AWS instances

September 19, 2023

Via: TechRadar

Cybersecurity researchers from Sysdig recently uncovered a new cryptojacking campaign that targeted uncommon Amazon Web Services (AWS) services. Cryptojacking is a type of cyberattack in which the threat actor secretly installs a cryptocurrency miner on a target endpoint. While not […]


Threats & Malware, Virus & Malware

Cryptojackers spread their nets to capture more than just EC2

September 18, 2023

Via: The Register

As cloud native computing continues to gain popularity, so does the risk posed by criminals seeking to exploit the unwary. One newly spotted method targets services on the AWS platform, but not necessarily the ones you might think. Researchers from […]


Threats & Malware, Vulnerabilities

Agile Approach to Mass Cloud Credential Harvesting and Crypto Mining Sprints Ahead

August 23, 2023

Via: The Hacker News

Developers are not the only people who have adopted the agile methodology for their development processes. From 2023-06-15 to 2023-07-11, Permiso Security’s p0 Labs team identified and tracked an attacker developing and deploying eight (8) incremental iterations of their credential […]


Cloud security, Security

Researchers Uncover AWS SSM Agent Misuse as a Covert Remote Access Trojan

August 2, 2023

Via: The Hacker News

Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows the AWS Systems Manager Agent (SSM Agent) to be run as a remote access trojan on Windows and Linux environments “The SSM agent, a legitimate […]


Mobile, Mobile security

Google Messages Getting Cross-Platform End-to-End Encryption with MLS Protocol

July 24, 2023

Via: The Hacker News

Google has announced that it intends to add support for Message Layer Security (MLS) to its Messages service for Android and open source implementation of the specification. “Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users […]


Cloud security, Security

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign

July 11, 2023

Via: The Hacker News

Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services (AWS) Fargate. “Cloud environments are still their primary target, but the […]


Threats & Malware, Virus & Malware

Legion Malware Upgraded to Target SSH Servers and AWS Credentials

May 24, 2023

Via: The Hacker News

An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch. “This recent update demonstrates a widening of scope, with new capabilities such […]


Data loss, Threats & Malware

Researchers Discover Hundreds of Amazon RDS Instances Leaking Users’ Personal Data

November 16, 2022

Via: The Hacker News

Hundreds of databases on Amazon Relational Database Service (Amazon RDS) are exposing personal identifiable information (PII), new findings from Mitiga, a cloud incident response company, show. “Leaking PII in this manner provides a potential treasure trove for threat actors – […]


Cloud security, Security

UK Spy Chiefs Seal Cloud Data Deal With Amazon: FT

October 26, 2021

Via: Security Week

The secret contract was signed this year and experts estimate its value at £500 million ($690 million) to £1 billion, the newspaper said, citing people familiar with the discussions. It was said to be spearheaded by Britain’s cybersecurity agency GCHQ, […]


Cloud security, Security

AWS, Google Cloud, and Azure: How their security features compare

June 14, 2021

Via: CSO Online

Security in the public cloud is based on the concept of shared responsibility: The largest cloud service providers deliver a secure, hyperscale environment, but it’s up to the customer to protect everything it puts into the cloud. This separation of […]


Hacker, Threats & Malware

DOJ Charges Texas Resident for Allegedly Planning to ‘Kill About 70% of The Internet”

April 13, 2021

Via: Hot for Security

Last Thursday, a Wichita Falls resident was arrested for allegedly attempting to bomb an AWS data center in Virginia. According to the US Department of Justice (DOJ), 28-year Seth Aaron Pendley was detained after a concerned citizen alerted authorities to […]