Security News

As you may or may not know given the frequency of data breaches during the pandemic era, but October is cybersecurity awareness month.While many organisations have advocated for smarter cybersecurity practices to be observed in our personal and professional lives, Amazon Web Services (AWS) is offering something on top of this – freely accessible cybersecurity awareness training.

Ermetic announced the results of a study about the security posture of AWS environments and their vulnerability to ransomware attacks. As more and more data moves to the cloud, platforms like AWS are becoming an attractive target for ransomware operators.

Here is where AWS environments can differ from traditional penetration tests as AWS networks' software-defined nature often means tighter controls are maintained between networks, and lateral movement is a challenge. The AWS configuration review should include, and inform you of, how your users and services access and interact with your AWS environment, including permissions assigned to those users and services.

Domain registrar MarkMonitor had left more than 60,000 parked domains vulnerable to domain hijacking. The parked domains were seen pointing to nonexistent Amazon S3 bucket addresses, hinting that there existed a domain takeover weakness.

All AWS Level 1 MSSP Competency Partners provide at minimum the ten 24/7 security monitoring, protection, and remediation services as defined in the Level 1 Managed Security Services baseline. Many of the Level 1 MSSP Competency Partners also provide additional security assessment and implementation professional services as well to assist customers in their AWS cloud journey.

CYFIRMA announced the availability of CYFIRMA's two core products, DeCYFIR and DeTCT, in Amazon Web Services Marketplace. CYFIRMA has also been inducted into the AWS Independent Software Vendors Accelerate program, which provides CYFIRMA with co-sell support and benefits to easily gain access to millions of active AWS customers with AWS field sellers globally.

Data analysis firm Splunk says it's found a resurgence of the Crypto botnet - malware that attacks virtual servers running Windows Server inside Amazon Web Services. Splunk's Threat Research Team posted its analysis of the attack on Monday, suggesting it starts with a probe for Windows Server instances running on AWS, and seeks out those with remote desktop protocol enabled.

This undocumented spying option was also available at Google Cloud DNS and at least one other DNS-as-a-service provider. In a presentation earlier this week at the Black Hat USA 2021 security conference in Las Vegas, Nevada, Shir Tamari and Ami Luttwak from security firm Wiz, described how they found a DNS name server hijacking flaw that allowed them to spy on the dynamic DNS traffic of other customers.

AWS S3 buckets are now exposed via additional channels and APIs, which create new security blind spots that hackers are waiting to exploit. The insurtech vendor promises to its customers to provide responses within minutes, and the business process demands opening these potentially dangerous files and processing them in this time range.

While not necessarily killing your security posture, can seriously damage it, whether by introducing vulnerabilities into the development pipeline or inadvertently inheriting malware that hitches a ride with third-party components. Trying to retrofit traditional security practices and tooling into these newly accelerated workflows and production environments can be time consuming and ultimately ineffective.