Security News

Former Amazon security engineer Shakeeb Ahmed was sentenced to three years in prison for hacking two cryptocurrency exchanges in July 2022 and stealing over $12 million. The breached entities are Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange on the Solana blockchain platform that Ahmed hacked using his smart contract reverse engineering and blockchain audit skills.

Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022. The two affected companies are Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange on the Solana blockchain platform that Ahmed hacked using his blockchain audit and smart contract reverse engineering skills.

Operating as an Organized Retail Crime gang across online forums and social media, this fraud service provider provides illicit refunds for individuals in exchange for a fee. REKK then requested a refund, manipulating Amazon's support representatives through social engineering tactics, unauthorized access to Amazon systems, and bribing insiders to secure a refund without returning the purchased product.

Amazon Web Services has launched an independent cloud for Europe designed for public sector customers and companies operating in highly regulated industries within the European Union. The AWS Sovereign Cloud will operate both "Physically and logically" separate from AWS's existing cloud regions and has been engineered specifically to meet the data residency and regulatory requirements of European customers.

India's Central Bureau of Investigation raided 76 locations in a nationwide crackdown on cybercrime operations behind tech support scams and cryptocurrency fraud. The police operation, part of Operation Chakra-II, aims to dismantle cyber-enabled financial crime rings and is a collaborative effort involving international law enforcement agencies and tech companies such as Microsoft and Amazon, working alongside the Indian federal enforcement agency.

Amazon has quietly added passkey support as a new passwordless login option for customers, offering better protection from information-stealing malware and phishing attacks. Amazon recently added a new section in the Your Account > Login & security settings that lets you generate a passkey that can be used to log in to the site.

Amazon will require all privileged AWS accounts to use multi-factor authentication for stronger protection against account hijacks leading to data breaches, starting in mid-2024.Amazon has been offering free MFA security keys for eligible AWS customers in the United States since 2021 and added more flexible MFA options on the platform in November 2022, allowing the registration of up to 8 MFA devices per account.

Amazon wants to make it more difficult for attackers to compromise Amazon Web Services root accounts, by requiring those account holders to enable multi-factor authentication. The root account holder is the first identity created when creating an AWS account and the most privileged user, as it has access to all AWS services and resources in the account.

Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. The emails were sent out last night, with customers reporting receiving three separate emails from Amazon Prime for each alleged gift card purchase.

A popular replication solution for AWS is Amazon S3 Replication, a robust feature that replicates objects and their metadata across multiple S3 buckets. Disaster recovery and data redundancy: Cross-region replication is an integral component of disaster recovery strategies, ensuring data integrity, and mitigating data loss through backups and active/passive or active/active failover strategies.