150 abandoned Amazon S3 buckets could have been leveraged to deliver malware or backdoors to governments and Fortune companies.
The post Abandoned Amazon S3 Buckets Enabled Attacks Against Governments, Big Firms appeared first on SecurityWeek.
Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue
As many as 15,000 applications using AWS Application Load Balancer (ALB) could be exposed to ALBeast attacks.
The post Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue appeared first on SecurityWeek.
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign
Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables.
The post Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign appeared first on SecurityWeek.
AWS Patches Vulnerabilities Potentially Allowing Account Takeovers
AWS has patched vulnerabilities in several products, including flaws that could have been exploited to take over accounts.
The post AWS Patches Vulnerabilities Potentially Allowing Account Takeovers appeared first on SecurityWeek.
AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains
AWS says a massive neural network graph model with 3.5 billion nodes and 48 billion edges is speeding up the prediction and detection of malicious domains.
The post AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains appeared first on SecurityWeek.
AWS Announces Authentication and Malware Protection Enhancements
AWS announced passkey MFA for IAM and root users, IAM Access Analyzer updates, and Amazon GuardDuty Malware Protection for S3.
The post AWS Announces Authentication and Malware Protection Enhancements appeared first on SecurityWeek.
Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks
SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks.
The post Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks appeared first on SecurityWeek.
Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services
The tool, called FBot, is capable of credential harvesting for spamming attacks, and AWS, PayPal and SaaS account hijacking.
The post Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services appeared first on SecurityWeek.
Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets
AWS announces Amazon One Enterprise, a palm-based identity service that enables users to easily access physical locations and digital assets.
The post Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets appeared first on SecurityWeek.
AWS Using MadPot Decoy System to Disrupt APTs, Botnets
AWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm.
The post AWS Using MadPot Decoy System to Disrupt APTs, Botnets appeared first on SecurityWeek.