Cyberveillecurated by Decio
Nuage de tags
Mur d'images
Quotidien
Flux RSS
  • Flux RSS
  • Daily Feed
  • Weekly Feed
  • Monthly Feed
Filtres

Liens par page

  • 20 links
  • 50 links
  • 100 links

Filtres

Untagged links
10 résultats taggé aws  ✕
Ransomware abuses Amazon AWS feature to encrypt S3 buckets https://www.bleepingcomputer.com/news/security/ransomware-abuses-amazon-aws-feature-to-encrypt-s3-buckets/
13/01/2025 20:12:07
QRCode
archive.org
thumbnail

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key.

bleepingcomputer EN 2025 Encryption Ransomware Computer S3 Amazon AES Security AWS
AWS launches an incident response service to combat cybersecurity threats | TechCrunch https://techcrunch.com/2024/12/01/aws-launches-an-incident-response-service-to-combat-cybersecurity-threats/
02/12/2024 23:15:22
QRCode
archive.org
thumbnail

Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.

techcrunch EN 2024 Amazon AWS Security Incident Response service launch
Perfecting Ransomware on AWS — Using ‘keys to the kingdom’ to change the locks https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802
21/10/2024 13:47:17
QRCode
archive.org

If someone asked me what was the best way to make money from a compromised AWS Account (assume root access even) — I would have answered “dump the data and hope that no-one notices you before you finish it up.”

This answer would have been valid until ~8 months ago when I stumbled upon a lesser known feature of AWS KMS which allows an attacker to do devastating ransomware attacks on a compromised AWS account.

Now I know that ransomware attacks using cross-account KMS keys is already known (checkout the article below)— but even then, the CMK is managed by AWS and they can just block the attackers access to the CMK and decrypt data for the victim because the key is OWNED by AWS and attacker is just given API access to it under AWS TOS. Also there’s no way to delete the CMK but only schedule the key deletion (min 7 days) which means there’s ample time for AWS to intervene.
@harsh8v EN 2024 medium AWS Ransomware KMS keys
Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains https://cyble.com/blog/widespread-cloud-exposure/
21/08/2024 09:22:52
QRCode
archive.org
thumbnail

A cloud extortion campaign exploited misconfigured AWS .env files to target 110,000 domains, stealing credentials and ransoming cloud storage data.

cyble EN 2024 Cloud Exposure env AWS extortion
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
15/08/2024 16:40:03
QRCode
archive.org
thumbnail

We recount an extensive cloud extortion campaign leveraging exposed .env files of at least 110k domains to compromise organizations' AWS environments.

unit42 EN 2024 Leaked Environment Variables cloud aws extortion
Fake AWS Packages Ship Command and Control Malware In JPEG Files https://blog.phylum.io/fake-aws-packages-ship-command-and-control-malware-in-jpeg-files
18/07/2024 23:25:43
QRCode
archive.org
thumbnail

On July 13, 2024, the Phylum platform alerted us to a series of odd packages published to the npm package registry. At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed

phylum EN 2024 AWS fake Supply-chain-attack npm package registry JPEG
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft https://sysdig.com/blog/cloud-breach-terraform-data-theft/
09/03/2023 18:42:29
QRCode
archive.org
thumbnail

The Sysdig Threat Research Team recently discovered a sophisticated cloud operation in a customer environment, dubbed SCARLETEEL.

sysdig EN 2023 SCARLETEEL cloud Kubernetes Terraform AWS Data-Theft
I scanned every package on PyPi and found 57 live AWS keys https://tomforb.es/i-scanned-every-package-on-pypi-and-found-57-live-aws-keys/
07/01/2023 22:21:04
QRCode
archive.org

After inadvertently finding that InfoSys leaked an AWS key on PyPi I wanted to know how many other live AWS keys may be present on Python package index. After scanning every release published to PyPi I found 57 valid access keys from organisations like:

Amazon themselves 😅
Intel
Stanford, Portland and Louisiana University
The Australian Government
General Atomics fusion department
Terradata
Delta Lake
And Top Glove, the worlds largest glove manufacturer 🧤

tomforb EN 2022 leak scan AWS keys PyPi
A Cyberattack Illuminates the Shaky State of Student Privacy https://www.nytimes.com/2022/07/31/business/student-privacy-illuminate-hack.html
01/08/2022 15:26:23
QRCode
archive.org
thumbnail

At a moment when education technology firms are stockpiling sensitive information on millions of school children, safeguards for student data have broken down.

NYTimes 2022 EN K-12-Education Privacy NewYork edu leak buckets aws students data
Python packages upload your AWS keys, env vars, secrets to the web https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
27/06/2022 09:21:55
QRCode
archive.org
thumbnail

Multiple Python packages caught by Sonatype were seen uploading secrets such as AWS keys and environment variables to a web endpoint.

sonatype EN 20022 supplychain Python stealer AWS keys packages loglib-modules pyg-modules pygrata pygrata-utils hkg-sol-utils
4507 links
Shaarli - The personal, minimalist, super-fast, database free, bookmarking service par la communauté Shaarli - Theme by kalvn - Curated by Decio