Security News

Hacking groups are continuing to leverage misconfigured AWS S3 data storage buckets to insert malicious code into websites in an attempt to swipe credit card information and carry out malvertising campaigns. These virtual credit card skimmers, also known as formjacking attacks, are typically JavaScript code that Magecart operators stealthily insert into a compromised website, often on payment pages, designed to capture customers' card details in real-time and transmit it to a remote attacker-controlled server.

A now-defunct mobile app for loaning money to small business owners has been pinned down as the source of an exposed archive containing roughly 500,000 personal and business financial records. The research team at vpnMentor said it traced an exposed database of financial records back to a former Android/iOS app called MCA Wizard, developed jointly by Advantage Capital Funding and Argus Capital Funding back in 2018.

A pair of misconfigured cloud-hosted file silos have left thousands of peoples' sensitive info sitting on the open internet. The latest demonstration of this comes from eggheads at VPNmentor, who this week said they found two open AWS S3 buckets, one belonging to a UK consulting firm and another run by an adult webcam host.

A publicly accessible Amazon S3 storage bucket originating from iPR Software was found exposing information on thousands of users, UpGuard’s security researchers reveal.  read more

Security a popular topic at Las Vegas event re:Invent At its re:Invent event under way in Las Vegas, Amazon Web Services (AWS) dropped the veil on a new tool to help customers to avoid spewing...

Here’s an overview of some of last week’s most interesting news, articles and podcasts: Cybersecurity automation? Yes, wherever possible Automated systems are invaluable when it comes to...

Amazon launched its Simple Storage Service (better known as S3) back in 2006 as a platform for storing just about any type of data under the sun. Since then, S3 buckets have become one of the most...

Get your grandparents to book with someone else Teletext Holidays managed to leave more than 200,000 customer phone call recordings exposed on an unsecured AWS server, according to reports.…

An ongoing campaign is hosting its phishing landing pages on enterprise-class public cloud storage services -- a nascent trend meant to throw defenders off.

Plus, Cisco patches up router pwnage vulnerability Roundup Here is a quick roundup of the recent happenings in the world of computer security beyond what we've already reported.…