Security News

845GB of racy dating app records exposed to entire internet via leaky AWS buckets
2020-06-16 07:56

Hundreds of thousands of sensitive dating app profiles - including images of "a graphic, sexual nature" - were exposed online for anyone stumbling across them to download. Word of the uncontrolled emission burst forth from vpnMentor this week, which claims it found a misconfigured AWS S3 bucket containing 845GB of private dating app records. "Aside from exposing potentially millions of users of the apps to danger, the breach also exposed the various apps' entire AWS infrastructure through unsecured admin credentials and passwords," vpnMentor's researchers wrote.

Magecart Targets Emergency Services-related Sites via Insecure S3 Buckets
2020-06-09 00:07

Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns. These virtual credit card skimmers, also known as formjacking attacks, are typically JavaScript code that Magecart operators stealthily insert into a compromised website, often on payment pages, designed to capture customers' card details in real-time and transmit it to a remote attacker-controlled server.

You know all those stories of leaky cloud buckets taken offline? Well, some may still be there, just badly hidden
2020-03-30 11:06

Shortly after our story was published, an infoec bod, who asked to remain anonymous, told El Reg they could access the files in the leaky bucket weeks after it was supposedly taken down. A report from Google claims phishing attacks from government-backed spies are increasingly disguised as messages from journalists.

What do Brit biz consultants and X-rated cam stars have in common? Wide open... AWS S3 buckets on public internet
2020-01-15 23:54

A pair of misconfigured cloud-hosted file silos have left thousands of peoples' sensitive info sitting on the open internet. The latest demonstration of this comes from eggheads at VPNmentor, who this week said they found two open AWS S3 buckets, one belonging to a UK consulting firm and another run by an adult webcam host.

AWS has new tool for those leaky S3 buckets so, yeah, you might need to reconfigure a few things
2019-12-03 12:44

Security a popular topic at Las Vegas event re:Invent At its re:Invent event under way in Las Vegas, Amazon Web Services (AWS) dropped the veil on a new tool to help customers to avoid spewing...

The Threat in the Cloud: Phishing Abuses Amazon AWS S3 Buckets
2019-08-08 14:00

An ongoing campaign is hosting its phishing landing pages on enterprise-class public cloud storage services -- a nascent trend meant to throw defenders off.

Week in review: Fileless malware, usable cybersecurity, Magecart goes after S3 buckets
2019-07-14 15:00

Here’s an overview of some of last week’s most interesting news and articles: Inside the NIST team working to make cybersecurity more user-friendly Cybersecurity is usually not a user’s primary...

Magecart Hackers Infect 17,000 Domains via Insecure S3 Buckets
2019-07-12 17:55

The Magecart hackers have managed to infect over 17,000 domains by targeting improperly secured Amazon S3 buckets, RiskIQ reports.  read more

RiskIQ: Magecart Group Targeting Unsecured AWS S3 Buckets
2019-07-11 20:03

Researchers Find Skimmers Designed to Skim Payment Data in 17,000 DomainsA cybercriminal gang associated with the umbrella organization known as Magecart has been inserting malicious JavaScript...

Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets
2019-07-11 09:47

We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been exploiting them to inject...