CSOonline

AWS environments compromised through exposed .env files

Attackers collected Amazon Web Services keys and access tokens to various cloud services from environment variables insecurely stored in tens of thousands of web applications. A data extortion ...
Hosted on MSN

Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days

A new ransomware crew dubbed Codefinger targets AWS S3 buckets and uses the cloud giant's own server-side encryption with customer provided keys (SSE-C) to lock up victims' data before demanding a ...
Dark Reading

Threat Actor 'JavaGhost' Targets AWS Environments in Phishing Scheme

A long-running threat actor known as JavaGhost is targeting misconfigured AWS instances to obtain access keys, enabling them to send out phishing messages that skate by email defenses with ease. Palo ...
Infosecurity-magazine.com

Hackers Exploit Misconfigurations in Public Websites With Improperly Exposed AWS Credentials

A significant cyber operation exploiting vulnerabilities in improperly configured public websites has been linked to the Nemesis and ShinyHunters hacking groups, exposing sensitive data, including ...
Dark Reading

'TruffleNet' Attack Wields Stolen Credentials Against AWS

Attackers are abusing Amazon Web Services' (AWS) Simple Email Service (SES) via legitimate open source tools to steal credentials and infiltrate organizations to execute network reconnaissance. In ...
CSOonline

S3 shadow buckets leave AWS accounts open to compromise

Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools. Researchers ...
Bleeping Computer

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption ...