Security News

Hundreds of thousands of sensitive dating app profiles - including images of "a graphic, sexual nature" - were exposed online for anyone stumbling across them to download. Word of the uncontrolled emission burst forth from vpnMentor this week, which claims it found a misconfigured AWS S3 bucket containing 845GB of private dating app records. "Aside from exposing potentially millions of users of the apps to danger, the breach also exposed the various apps' entire AWS infrastructure through unsecured admin credentials and passwords," vpnMentor's researchers wrote.

Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns. These virtual credit card skimmers, also known as formjacking attacks, are typically JavaScript code that Magecart operators stealthily insert into a compromised website, often on payment pages, designed to capture customers' card details in real-time and transmit it to a remote attacker-controlled server.

Shortly after our story was published, an infoec bod, who asked to remain anonymous, told El Reg they could access the files in the leaky bucket weeks after it was supposedly taken down. A report from Google claims phishing attacks from government-backed spies are increasingly disguised as messages from journalists.

A pair of misconfigured cloud-hosted file silos have left thousands of peoples' sensitive info sitting on the open internet. The latest demonstration of this comes from eggheads at VPNmentor, who this week said they found two open AWS S3 buckets, one belonging to a UK consulting firm and another run by an adult webcam host.

Security a popular topic at Las Vegas event re:Invent At its re:Invent event under way in Las Vegas, Amazon Web Services (AWS) dropped the veil on a new tool to help customers to avoid spewing...

An ongoing campaign is hosting its phishing landing pages on enterprise-class public cloud storage services -- a nascent trend meant to throw defenders off.

Here’s an overview of some of last week’s most interesting news and articles: Inside the NIST team working to make cybersecurity more user-friendly Cybersecurity is usually not a user’s primary...

The Magecart hackers have managed to infect over 17,000 domains by targeting improperly secured Amazon S3 buckets, RiskIQ reports.  read more

Researchers Find Skimmers Designed to Skim Payment Data in 17,000 DomainsA cybercriminal gang associated with the umbrella organization known as Magecart has been inserting malicious JavaScript...

We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been exploiting them to inject...