Security News
Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer. The inclusion of closed-source SponsorLink package caused Moq to harvest SHA-256 hashes of developer email addresses from local Git configs, and upload these to SponsorLink's CDN. In reaction, several developers either discontinued use of Moq [1, 2] in favor of alternatives, or suggested building tools that would detect and block any projects that run SponsorLink.
Amazon AWS has dropped sponsorship support for open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported by BleepingComputer. The inclusion of closed-source SponsorLink package caused Moq to harvest SHA-256 hashes of developer email addresses from local Git configs, and upload these to SponsorLink's CDN. In reaction, several developers either discontinued use of Moq [1, 2] in favor of alternatives, or suggested building tools that would detect and block any projects that run SponsorLink.
Attackers can turn AWS SSM agents into remote access trojansMitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud instances, as well as to non-EC2 machines. August 2023 Patch Tuesday forecast: Software security improvementsThe continued onslaught of phishing attacks, ransomware deployment, and other exploitation is forcing the community to pay closer attention to early identification, as well as fast response, to vulnerabilities in their software.
Abusing AWS SSM Agent as a RAT. AWS Systems Manager is an Amazon-signed binary and comprehensive endpoint management system used by administrators for configuration, patching, and monitoring AWS ecosystems comprising EC2 instances, on-premise servers, or virtual machines. Mitiga's discovery is that the SSM agent can be configured to run in "Hybrid" mode even from within the limits of an EC2 instance, allowing access to assets and servers from attacker-controlled AWS accounts.
Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as...
Cybersecurity researchers have discovered a new post-exploitation technique in Amazon Web Services that allows the AWS Systems Manager Agent to be run as a remote access trojan on Windows and Linux environments. "The SSM agent, a legitimate tool used by admins to manage their instances, can be re-purposed by an attacker who has achieved high privilege access on an endpoint with SSM agent installed, to carry out malicious activities on an ongoing basis," Mitiga researchers Ariel Szarf and Or Aspir said in a report shared with The Hacker News.
The Scarleteel threat targets AWS Fargate environments for data theft and more malicious types of attacks such as cryptojacking and DDoS. Learn how to mitigate this threat. Sysdig, a cloud and container security company, has released a new report on the Scarleteel threat that targets specific AWS environments for data theft and additional malicious activities.
Cloud environments continue to be at the receiving end of an ongoing advanced attack campaign dubbed SCARLETEEL, with the threat actors now setting their sights on Amazon Web Services Fargate. SCARLETEEL was first exposed by the cybersecurity company in February 2023, detailing a sophisticated attack chain that culminated in the theft of proprietary data from AWS infrastructure and the deployment of cryptocurrency miners to profit off the compromised systems' resources illegally.
Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated you to undertake this project, and what were your objectives in creating the automated cracking rig?
Researchers from Cado Labs recently encountered an update to the emerging cloud-focused malware family, Legion. This sample iterates upon the credential harvesting features of its predecessor, with a continued emphasis on exploiting PHP web applications.