Security News

Amazon wants to make it more difficult for attackers to compromise Amazon Web Services root accounts, by requiring those account holders to enable multi-factor authentication. The root account holder is the first identity created when creating an AWS account and the most privileged user, as it has access to all AWS services and resources in the account.

Interview AWS has unveiled MadPot, its previously secret threat-intelligence tool that one of the cloud giant's security execs tells us has thwarted Chinese and Russian spies - and millions of bots. The massive honeypot system has been around since 2010, and includes tens of thousands of threat sensors monitoring criminals' attempts to connect with AWS decoys.

A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances," Sysdig security researcher Alessandro Brucato said in a report shared with The Hacker News.

How should SMBs navigate the phishing minefield?In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to their organization's operations and long-term success. Chrome zero-day exploited in the wild, patch now!Google has rolled out a security update for a critical Chrome zero-day vulnerability exploited in the wild.

Here's a collection of free AWS cybersecurity courses you can use to elevate your knowledge about the platform. In this self-paced course, you will learn fundamental AWS cloud cybersecurity concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.

A consortium led by Splunk and AWS are hoping to fix this by standardizing how events are noted in logs, reducing the burden on security teams to decipher alerts they receive from multiple tools and vendors. Last week at Black Hat, security vendor Splunk announced the general availability of the Open Cybersecurity Schema Framework.

Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer. The inclusion of closed-source SponsorLink package caused Moq to harvest SHA-256 hashes of developer email addresses from local Git configs, and upload these to SponsorLink's CDN. In reaction, several developers either discontinued use of Moq [1, 2] in favor of alternatives, or suggested building tools that would detect and block any projects that run SponsorLink.

Amazon AWS has dropped sponsorship support for open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer. The inclusion of closed-source SponsorLink package caused Moq to harvest SHA-256 hashes of developer email addresses from local Git configs, and upload these to SponsorLink's CDN. In reaction, several developers either discontinued use of Moq [1, 2] in favor of alternatives, or suggested building tools that would detect and block any projects that run SponsorLink.

Attackers can turn AWS SSM agents into remote access trojansMitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud instances, as well as to non-EC2 machines. August 2023 Patch Tuesday forecast: Software security improvementsThe continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to vulnerabilities in their software.

Abusing AWS SSM Agent as a RAT. AWS Systems Manager is an Amazon-signed binary and comprehensive endpoint management system used by administrators for configuration, patching, and monitoring AWS ecosystems comprising EC2 instances, on-premise servers, or virtual machines. Mitiga's discovery is that the SSM agent can be configured to run in "Hybrid" mode even from within the limits of an EC2 instance, allowing access to assets and servers from attacker-controlled AWS accounts.