Amazon Disrupts Russian APT29 Watering Hole Targeting Microsoft Authentication
Amazon has disrupted a Russian APT29 watering hole campaign that used compromised sites to target Microsoft authentication with…
aws
AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure
AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check.
The post AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure appeared first on SecurityWeek.
AWS Trusted Advisor flaw allowed public S3 buckets to go unflagged
AWS’s Trusted Advisor tool, which is supposed to warn customers if their (cloud) S3 storage buckets are publicly exposed, could be “tricked” into reporting them as not exposed when they actually are, Fog Security researchers have found. S3 …
As AI grows smarter, your identity security must too
AI is no longer on the horizon, it’s already transforming how organizations operate. In just a few years, we’ve gone from isolated pilots to enterprise-wide adoption. According to a recent SailPoint survey, 82% of companies are running AI agents today,…
AWS CISO explains how cloud-native security scales with your business
In this Help Net Security interview, Amy Herzog, CISO at AWS, discusses how cloud-native security enables scalable, flexible protection that aligns with how teams build in the cloud. She explains the Shared Responsibility Model and the tools and proces…
Hacker Added Prompt to Amazon Q to Erase Files and Cloud Data
A hacker injected a malicious prompt into Amazon Q via GitHub, aiming to delete user files and wipe AWS data, exposing a major security flaw.
Government Organizations Targeted via AWS Lambda URL Endpoint Exploits
Unit 42 researchers from Palo Alto Networks have been monitoring a sophisticated threat cluster designated CL-STA-1020, which has been systematically targeting governmental entities across Southeast Asia. This operation focuses on extracting sensitive …
Mis-scoped AWS Organizations Policy Allowed Hackers to Seize Full Control of AWS Environment
Security professionals have uncovered serious vulnerabilities in AWS Organizations in a ground-breaking study by Cymulate Research Labs that might allow attackers to switch between accounts, increase privileges, and take control the entire organization…
AWS launches new cloud security features
Amazon Web Services has announced new and improved security features at its annual AWS re:Inforce cloud security conference. The company has also introduced features aimed at speeding up backup recovery, and has announced the completion of its push to …
Hackers Upload Weaponized Packages to PyPI Repositories to Steal AWS Tokens and Sensitive Data
The JFrog Security Research team has uncovered a sophisticated malicious package named “chimera-sandbox-extensions” on the Python Package Index (PyPI), a widely used repository for Python software. Uploaded by a user identified as “ch…