Elastic Expands Cloud Security Capabilities for AWS
Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.
Amazon Web Services (AWS) is a cloud platform whose configurations, vulnerabilities, and security advisories can affect hosted data and systems.
Search across headline titles and summaries.
Background for this topic.
Amazon Web Services (AWS) is a cloud platform offering on-demand computing, storage, databases, networking, and managed services. Organizations use it to run applications and process data without operating the underlying physical infrastructure. Security reporting under this tag may concern AWS service flaws, its infrastructure, or weaknesses in customer-configured environments.
AWS follows a shared-responsibility model: AWS secures the cloud infrastructure, while customers must secure identities, data, configurations, and workloads. Material risks include overly broad IAM permissions or stolen credentials, publicly exposed storage or network services, and unpatched virtual machines, containers, or application interfaces. Effective defenses include least-privilege access, encryption, configuration review, timely patching, and centralized audit logging through services such as CloudTrail. Those logs and related telemetry support detection and investigation, while predefined procedures can revoke credentials, isolate workloads, and preserve evidence when an account or resource is compromised.
Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.
Harvesting API keys and secrets from AWS SES, Microsoft Office 365 and other services
Malicious toolkit targets misconfigured hosts in AWS and Office 365 A fast-evolving toolkit that can be used to compromise email and web hosting services represents a disturbing evolution of attacks in the cloud, which for the most part have previously been confined to mining cryptocurrencies.…
A new "comprehensive toolset" called AlienFox is being distributed on Telegram as a way for threat actors to harvest credentials from API keys and secrets from popular cloud service providers