Lone Attacker Uses AI to Breach AWS Cloud Environment in 72 Hours
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The attacker exploited AI workflows, chained cloud weaknesses, and stolen credentials to extort a large Amazon customer.
A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection vector to steal database credentials, SSH private keys, Amazon Web Services (AWS) secrets, shell command history, Stripe API keys, and GitHub tokens at scale
'Within 10 minutes of gaining initial access, crypto miners were operational' Your AWS account could be quietly running someone else's cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute Cloud (EC2) resources, in an ongoing operation that started on November 2.…
Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). [...]
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.
An ongoing campaign has been observed targeting Amazon Web Services (AWS) customers using compromised Identity and Access Management (IAM) credentials to enable cryptocurrency mining
'Sustained focus on Western critical infrastructure' Russia's Main Intelligence Directorate (GRU) is behind a years-long campaign targeting energy, telecommunications, and tech providers, stealing credentials and compromising misconfigured devices hosted on AWS to give the Kremlin's snoops persistent access to sensitive networks, according to Amazon's security boss.…
Cloud security company Wiz has revealed that it uncovered in-the-wild exploitation of a security flaw in a Linux utility called Pandoc as part of attacks designed to infiltrate Amazon Web Services (AWS) Instance Metadata Service (IMDS)
Look who's visiting the watering hole these days Amazon today said it disrupted an intel-gathering attempt by Russia's APT29 to trick Microsoft users into unwittingly granting the Kremlin-backed cyberspies access to their accounts and data.…
Threat Actor 'Codefinger' Targets Cloud EnvironmentsA ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS’s server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. [...]
Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers' Amazon Web Services (AWS) credentials
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. [...]
New cybersecurity research has found that command-line interface (CLI) tools from Amazon Web Services (AWS) and Google Cloud can expose sensitive credentials in build logs, posing significant risks to organizations
A new Python-based hacking tool called FBot has been uncovered targeting web servers, cloud services, content management systems (CMS), and SaaS platforms such as Amazon Web Services (AWS), Microsoft 365, PayPal, Sendgrid, and Twilio
A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate cryptojacking activities
Why limit yourself to only stealing AWS credentials? A criminal crew with a history of deploying malware to harvest credentials from Amazon Web Services accounts may expand its attention to organizations using Microsoft Azure and Google Cloud Platform.…
A malicious actor has been linked to a cloud credential stealing campaign in June 2023 that's focused on Azure and Google Cloud Platform (GCP) services, marking the adversary's expansion in targeting beyond Amazon Web Services (AWS)
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services (AWS) credentials associated with DynamoDB and CloudWatch
A new phishing campaign targeting Amazon Web Services (AWS) logins is abusing Google ads to sneak phishing sites into Google Search to steal your login credentials. [...]