Security News

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management...

Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager,...

If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains...

Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys. Use cases include: Identifying the...

Threat actors are targeting Amazon Web Services (AWS) environments to push out phishing campaigns to unsuspecting targets, according to findings from Palo Alto Networks Unit 42. The cybersecurity...

You can find out if your GitHub codebase is leaking keys ... but so can miscreants A free automated tool that lets anyone scan public GitHub repositories for exposed AWS credentials has been released.…

Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code...

When cloud customers don't clean up after themselves, part 97 Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that would make Russia's "SolarWinds...

The shared responsibility model: why securing AWS workloads is essential Partner Content Organizations are increasingly shifting their deployments to the cloud due to its many benefits over...

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using ransomware A ransomware gang dubbed Codefinger...