Security News
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to compromise SSH servers and retrieve additional AWS-specific credentials from Laravel web applications," Cado Labs researcher Matt Muir said in a report shared with The Hacker News.
A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services Elastic Compute Cloud instances to carry out illicit crypto mining operations. Cloud security company's Permiso P0 Labs, which first detected the group in November 2021, has assigned it the moniker GUI-vil.
The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March's mega breach. Alison Parkin, director of financial services at Derby CC, said Capita supported its council tax and benefits service, and data left exposed was collected in early 2021.
Capita is facing criticism about its security hygiene on a new front after an Amazon bucket containing benefits data on residents in a south east England city council was left exposed to the public web. Colchester City Council said on Monday it had launched a probe following the discovery of the open bucket, and was working with Capita to fully understand the "Extent of the data spill and take all necessary steps to minimize any impact on residents."
A new "Comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers. "The spread of AlienFox represents an unreported trend towards attacking more minimal cloud services, unsuitable for crypto mining, in order to enable and expand subsequent campaigns," SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.
Given how many organizations now use two or more public clouds - 87 percent of respondents in Flexera's 2023 State of the Cloud report said they have a multicloud strategy - it was important that Microsoft also look outward when talking about security baselines, according to Jim Cheng, senior software engineer at Microsoft. "Today we see that our customers often have to aggregate and reconcile their security management across multiple cloud platforms to meet security and compliance requirements," Cheng wrote in October 2022, when MCSB v1 entered public preview.
A new phishing campaign targeting Amazon Web Services logins is abusing Google ads to sneak phishing sites into Google Search to steal your login credentials. The malicious Google ads take the victim to a blogger website under the attackers' control, which is a copy of a legitimate vegan food blog.
"We want to make sure that you use public buckets and objects as needed, while giving you tools to make sure that you don't make them publicly accessible due to a simple mistake or misunderstanding," the company explained as it introduced Amazon S3 Block Public Access, a way to block public access to S3 buckets through the S3 management console. That's when AWS announced "a couple new features that simplify access management for data stored in Amazon Simple Storage Service."
A severe security flaw in the Amazon ECR Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.Amazon ECR Public Gallery is a public repository of container images used for sharing ready-to-use applications and popular Linux distributions, such as Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.
While some AWS partners chose to hold back on their announcements and statements ahead of AWS re:Invent 2022 - presumably in an attempt to vie for share of voice during the event - a handful were vocal in the run-up to this year's show, staged in Las Vegas between Nov. 28 and Dec. 2. How to connect to AWS. Data platform company Redis signed a tighter AWS deal this month to put its Redis Enterprise Cloud real-time data processing capabilities more closely within the global reach of AWS services.