Security News

Votiro introduces an AWS S3 bucket connector to reduce risk of weaponized files in storage buckets
2021-07-21 01:45

Votiro announced the addition of an AWS S3 bucket connector to its Secure File Gateway solution suite. With this new capability, all files hosted within AWS storage will be delivered to the Votiro Secure File Gateway, powered by Positive Selection technology.

Perception Point releases Advanced Threat Protection for Amazon S3 buckets
2021-07-15 02:05

Perception Point announced its Advanced Threat Protection service for Amazon Web Services environments to protect joint customers' data and stop malicious content - files and URLs - from infiltrating their Amazon Simple Storage Service buckets. Enterprises and innovative SaaS vendors are increasingly storing their internal data as well files received from external sources in Amazon S3 buckets.

ClearDATA expands SaaS platform to automatically detect PHI in multi-cloud storage buckets
2021-05-16 00:00

ClearDATA announced an expanded capability of their ClearDATA Healthcare Security and Compliance Platform, enabling healthcare organizations and their business associates to automatically detect protected health information in multi-cloud storage buckets. "In today's climate, cybersecurity breaches are at an all-time high, partially due to the industry's accelerating cloud adoption to tackle the unique challenges healthcare has encountered during the pandemic," said Suhas Kelkar, Chief Product Officer at ClearDATA. "This new technology offering enhances healthcare organizations' ability to create secure environments for data that facilitate innovation, collaboration and scalability."

Google Cloud Buckets Exposed in Rampant Misconfiguration
2020-09-22 14:12

Six percent of all Google Cloud buckets are misconfigured and left open to the public internet, for anyone to access their contents. In a survey of 2,064 Google Cloud buckets by Comparitech, 131 of them were found to be vulnerable to unauthorized access by users who could list, download and/or upload files.

Leaky AWS S3 buckets are so common, they're being found by the thousands now – with lots of buried secrets
2020-08-03 23:47

Misconfigured AWS S3 storage buckets exposing massive amounts of data to the internet are like an unexploded bomb just waiting to go off, say experts. The team at Truffle Security said its automated search tools were able to stumble across some 4,000 open Amazon-hosted S3 buckets that included data companies would not want public - things like login credentials, security keys, and API keys.

845GB of racy dating app records exposed to entire internet via leaky AWS buckets
2020-06-16 07:56

Hundreds of thousands of sensitive dating app profiles - including images of "a graphic, sexual nature" - were exposed online for anyone stumbling across them to download. Word of the uncontrolled emission burst forth from vpnMentor this week, which claims it found a misconfigured AWS S3 bucket containing 845GB of private dating app records. "Aside from exposing potentially millions of users of the apps to danger, the breach also exposed the various apps' entire AWS infrastructure through unsecured admin credentials and passwords," vpnMentor's researchers wrote.

Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets
2020-06-09 00:07

Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns. These virtual credit card skimmers, also known as formjacking attacks, are typically JavaScript code that Magecart operators stealthily insert into a compromised website, often on payment pages, designed to capture customers' card details in real-time and transmit it to a remote attacker-controlled server.

You know all those stories of leaky cloud buckets taken offline? Well, some may still be there, just badly hidden
2020-03-30 11:06

Shortly after our story was published, an infoec bod, who asked to remain anonymous, told El Reg they could access the files in the leaky bucket weeks after it was supposedly taken down. A report from Google claims phishing attacks from government-backed spies are increasingly disguised as messages from journalists.

What do Brit biz consultants and X-rated cam stars have in common? Wide open... AWS S3 buckets on public internet
2020-01-15 23:54

A pair of misconfigured cloud-hosted file silos have left thousands of peoples' sensitive info sitting on the open internet. The latest demonstration of this comes from eggheads at VPNmentor, who this week said they found two open AWS S3 buckets, one belonging to a UK consulting firm and another run by an adult webcam host.

AWS has new tool for those leaky S3 buckets so, yeah, you might need to reconfigure a few things
2019-12-03 12:44

Security a popular topic at Las Vegas event re:Invent At its re:Invent event under way in Las Vegas, Amazon Web Services (AWS) dropped the veil on a new tool to help customers to avoid spewing...