Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
Sara Duffer highlights the top lessons she brought back to her security role following three years in Amazon's shadow program.
Newly appointed Amazon Web Services CISO Amy Herzog believes security culture goes beyond frameworks and executive structures. Having the right philosophy throughout the organization is key.
Palo Alto Networks' Unit 42 details how a threat actor is dodging detection with careful targeting and the use of Amazon's native email tools.
Amazon Web Services made updates to its identity and access management platform to help developers implement secure, scalable, and customizable authentication solutions for their applications.
Amazon's open source Cloud Development Kit generates dangerously predictable naming patterns that could lead to an account takeover.
Permiso Security announced Cloud Console Cartographer during Black Hat Asia to help defenders look inside Amazon Web Services events logs for signs of cyberattacks.
Amazon Web Services CISO Chris Betz explains why generative AI is both a time-saving tool as well as a double-edged sword.
Amazon Web Services announced enhancements to several of its security tools, including GuardDuty, Inspector, Detective, IAM Access Analyzer, and Secrets Manager, to name a few during its re:Invent event.
Cyber adversaries are scanning public GitHub repositories in real-time, evading Amazon quarantine controls, and harvesting AWS keys.
Cyber adversaries are scanning public GitHub repositories in real-time, evading Amazon quarantine controls, and harvesting AWS keys.
Amazon will add new MFA requirements for users with the highest privileges, with plans to include other user levels over time.
The opportunistic "SCARLETEEL" attack on a firm's Amazon Web Services account turns into targeted data theft after the intruder uses an overpermissioned service to jump into cloud system.
At AWS re:Invent last week, the cloud giant previewed security services including Amazon Security Lake for security telemetry, Verified Permissions for developers, and a VPN bypass service.
Amazon Security Lake will allow organizations to create a purpose-built, standards-based data lake to aggregate and store security data.
The new GuardDuty Malware Protection and Amazon Detective were among 10 products and services unveiled at AWS re:Inforce in Boston this week.
Hexa and IDQL allows organizations using cloud platforms such as Microsoft Azure, Amazon Web Services, and Google Cloud Platform to apply consistent access policy across all applications, regardless of environment.