Security News

Crooks stole AWS credentials from misconfigured sites then kept them in open S3 bucket
2024-12-09 16:15

ShinyHunters-linked heist thought to have been ongoing since March Exclusive A massive online heist targeting AWS customers during which digital crooks abused misconfigurations in public websites...

The Rise of S3 Ransomware: How to Identify and Combat It
2023-10-25 11:36

In today's digital landscape, around 60% of corporate data now resides in the cloud, with Amazon S3 standing as the backbone of data storage for many major corporations. Despite S3 being a secure...

How to set up and speed up Amazon S3 Replication for cross-region data replication
2023-09-21 04:30

A popular replication solution for AWS is Amazon S3 Replication, a robust feature that replicates objects and their metadata across multiple S3 buckets. Disaster recovery and data redundancy: Cross-region replication is an integral component of disaster recovery strategies, ensuring data integrity, and mitigating data loss through backups and active/passive or active/active failover strategies.

S3 Ep149: How many cryptographers does it take to change a light bulb?
2023-08-24 20:50

Researchers have discovered how to trick you into thinking your iPhone is in Airplane mode while actually leaving mobile data turned on. The main one seems to be that when you're setting up the light bulb for the first time, there is some effort put into making sure that the app and the light bulb each reason that they are communicating with the right sort of code at the other end.

#S3
S3 Ep148: Remembering crypto heroes
2023-08-17 19:43

ATMs always take your card right in, don't they? So the idea of these ATM skimming crooks is they're not just interested in your card details, like a web phisher would be.

S3 Ep147: What if you type in your password during a meeting?
2023-08-10 19:34

DUCK. So we did get the Mark I, and I guess it was the last mainstream digital computer that had a driveshaft, Doug, operated by an electrical motor. DUCK. I think they intended that as a slightly humorous note, but they did note that previous research, not their own, has discovered that touch-typers tend to be much more regular about the way that they type.

#S3
S3 Ep146: Tell us about that breach! (If you want to.)
2023-08-03 17:56

The root of the problem is that shared CPU components, like the internal memory system, combine attacker data and data from any other application, resulting in a combined leakage signal in the power consumption. Whether just suffering a ransomware attack is inevitably enough to be a material data breach.

S3 Ep145: Bugs With Impressive Names!
2023-07-27 18:47

The problem is there was no data authentication or verification stage. The moral of the story is: Don't rely on data you can't verify.

#S3
S3 Ep144: When threat hunting goes down a rabbit hole
2023-07-20 20:58

Listeners will probably know that Virus Total is a very popular service where, if you've got a file that either you know it's malware and you want to know what lots of different products call it, or if you think, "Maybe I want to get the sample securely to as many vendors as possible, as quickly as possible". The file is meant to be made available to dozens of cybersecurity companies almost immediately.

S3 Ep143: Supercookie surveillance shenanigans
2023-07-13 18:48

DUCK. Yes, the usual large number of bugs fixed. Although Elevation of Privilege usually gets looked down on as lesser than Remote Code Execution, where crooks use the bug to break in in the first place, the problem with EoP has to do with crooks who are already "Loitering with intent" in your network.