Attackers are encrypting AWS S3 data without using ransomware

A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used. They do not e… Continue reading Attackers are encrypting AWS S3 data without using ransomware

The shocking speed of AWS key exploitation

It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test… Continue reading The shocking speed of AWS key exploitation