Security News

Ex-Amazon engineer pleads guilty to hacking crypto exchanges
2023-12-15 20:32

Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022. The two affected companies are Nirvana Finance, a decentralized crypto exchange, and an unnamed exchange on the Solana blockchain platform that Ahmed hacked using his blockchain audit and smart contract reverse engineering skills.

Amazon sues REKK fraud gang that stole millions in illicit refunds
2023-12-08 16:47

Operating as an Organized Retail Crime gang across online forums and social media, this fraud service provider provides illicit refunds for individuals in exchange for a fee. REKK then requested a refund, manipulating Amazon's support representatives through social engineering tactics, unauthorized access to Amazon systems, and bribing insiders to secure a refund without returning the purchased product.

Amazon Web Services Launches Independent European Cloud as Calls for Data Sovereignty Grow
2023-11-01 17:10

Amazon Web Services has launched an independent cloud for Europe designed for public sector customers and companies operating in highly regulated industries within the European Union. The AWS Sovereign Cloud will operate both "Physically and logically" separate from AWS's existing cloud regions and has been engineered specifically to meet the data residency and regulatory requirements of European customers.

India targets Microsoft, Amazon tech support scammers in nationwide crackdown
2023-10-19 17:22

India's Central Bureau of Investigation raided 76 locations in a nationwide crackdown on cybercrime operations behind tech support scams and cryptocurrency fraud. The police operation, part of Operation Chakra-II, aims to dismantle cyber-enabled financial crime rings and is a collaborative effort involving international law enforcement agencies and tech companies such as Microsoft and Amazon, working alongside the Indian federal enforcement agency.

Amazon adds passkey support as new passwordless login option
2023-10-17 19:09

Amazon has quietly added passkey support as a new passwordless login option for customers, offering better protection from information-stealing malware and phishing attacks. Amazon recently added a new section in the Your Account > Login & security settings that lets you generate a passkey that can be used to log in to the site.

Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024
2023-10-05 17:06

Amazon will require all privileged AWS accounts to use multi-factor authentication for stronger protection against account hijacks leading to data breaches, starting in mid-2024.Amazon has been offering free MFA security keys for eligible AWS customers in the United States since 2021 and added more flexible MFA options on the platform in November 2022, allowing the registration of up to 8 MFA devices per account.

Amazon: AWS root accounts must have MFA enabled
2023-10-04 08:52

Amazon wants to make it more difficult for attackers to compromise Amazon Web Services root accounts, by requiring those account holders to enable multi-factor authentication. The root account holder is the first identity created when creating an AWS account and the most privileged user, as it has access to all AWS services and resources in the account.

Amazon sends Mastercard, Google Play gift card order emails by mistake
2023-10-01 18:23

Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. The emails were sent out last night, with customers reporting receiving three separate emails from Amazon Prime for each alleged gift card purchase.

How to set up and speed up Amazon S3 Replication for cross-region data replication
2023-09-21 04:30

A popular replication solution for AWS is Amazon S3 Replication, a robust feature that replicates objects and their metadata across multiple S3 buckets. Disaster recovery and data redundancy: Cross-region replication is an integral component of disaster recovery strategies, ensuring data integrity, and mitigating data loss through backups and active/passive or active/active failover strategies.

Sneaky Amazon Google ad leads to Microsoft support scam
2023-08-21 17:52

A legitimate-looking ad for Amazon in Google search results redirects visitors to a Microsoft Defender tech support scam that locks up their browser. Clicking on the Google ad will redirect the person to a tech support scam pretending to be an alert from Microsoft Defender stating that you are infected with the ads(exe).