Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads

By Deeba Ahmed
Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more.
This is a post from HackRead.com Read the original post: Supply Chain Attack: Abandoned S3 Buckets Used for Maliciou… Continue reading Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads

Sneaky recon on roster of AWS users is possible, Unit 42 says

Knowing exactly who manages a certain cloud service can be valuable information for malicious hackers, and a cybersecurity company says it has found that kind of weakness in products run by one of the biggest cloud providers. More than 20 application programming interfaces (API) associated with 16 Amazon Web Services products can be abused to give up basic information about users and their roles, according to Unit 42, the research arm of cybersecurity giant Palo Alto Networks. “A malicious actor may obtain the roster of an account, learn the organization’s internal structure” and then perhaps “launch targeted attacks against individuals,” Unit 42 researcher Jay Chen says in a report released Tuesday morning. Palo Alto Networks says AWS gave permission to release the research. The problem is within a feature that validates “resource-based policies” for things like the commonly used Amazon Simple Storage Service (S3), Unit 42 says. A resource-based policy is basically a […]

The post Sneaky recon on roster of AWS users is possible, Unit 42 says appeared first on CyberScoop.

Continue reading Sneaky recon on roster of AWS users is possible, Unit 42 says

Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands

The security team at Twilio, a cloud communications company that claimed over $1 billion in revenue last year, could breathe a sigh of relief on Sunday night. Earlier in the day, someone had manipulated the code in a software product that Twilio customers use to route calls and other communications. The breach resembled a Magecart-style attack that skims websites for users’ financial data. Twilio cleaned up the code hours later, and said there was no sign the attackers had accessed customer data. But the damage could have been worse if the attack had been targeted, multiple security experts told CyberScoop. With access to the code, which was sitting in an unsecured Amazon cloud storage service known as an S3 bucket, the attackers could have conducted phishing attacks or distributed malware through the platform, according to Yonathan Klijnsma, head of threat research at security company RiskIQ. Dave Kennedy, founder of cybersecurity […]

The post Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands appeared first on CyberScoop.

Continue reading Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands

RSAC 2020: Another Smart Baby Monitor Vulnerable to Remote Hackers

A popular baby monitor has been found riddled with vulnerabilities that give attackers full access to personal information and sensitive video footage. Continue reading RSAC 2020: Another Smart Baby Monitor Vulnerable to Remote Hackers

Data about inmates and jail staff spilled by leaky prison app

A web-mapping project came across detainees’ prescriptions and other PII that could be used by identity thieves to victimize prisoners. Continue reading Data about inmates and jail staff spilled by leaky prison app

What Capital One’s cybersecurity team did (and did not) get right

There was no months-old, unpatched Apache flaw. A S3 bucket wasn’t publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company’s bug bounty program. When taken at face value, the Capital One breach looks awfully similar to other massive security failures that have made national news in the past few years. But while people fixate on the amount of information taken, there are some in cybersecurity circles that see a silver lining in the way the bank has handled the incident. Multiple security experts told CyberScoop that while the incident is clearly severe and there are still questions that need to be answered, actions taken by the Virginia-based bank — who did not respond to CyberScoop’s request for comment — prevented this breach from becoming another example of extreme corporate cybersecurity negligence. “While it’s tempting to knock Capital One for this […]

The post What Capital One’s cybersecurity team did (and did not) get right appeared first on CyberScoop.

Continue reading What Capital One’s cybersecurity team did (and did not) get right

Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says

One of the most notorious e-commerce scams has expanded into a “mass compromise” that preys on vulnerable cloud infrastructure to skim data from thousands of websites, according researchers with security vendor RiskIQ. Hackers using so-called Magecart techniques have infiltrated more than 17,000 sites by sneaking into misconfigured cloud repositories, reports the San Francisco-based company. The crooks are automatically scanning the web for vulnerable Amazon Web Services S3 buckets and adding malicious code that captures financial information, the researchers say. While AWS does have automatic protections for S3 buckets, it’s common for the repositories to be misconfigured and thus vulnerable to outsiders. Many e-commerce sites use S3 buckets to store sensitive data. The thieves started compromising insecure buckets in April, RiskIQ says. This campaign, which RiskIQ says has affected websites in Alexa’s top 2,000 internet rankings, is the latest Magecart-style attack after previous incidents at British Airways, Ticketmaster, and other international shipping sites. “Magecart” doesn’t refer to a single cybercriminal gang, but a style […]

The post Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says appeared first on CyberScoop.

Continue reading Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says

Third-party Facebook apps left people’s data publicly exposed, researchers say

Two separate exposures of sensitive information about Facebook users are the latest alarming discoveries by researchers at UpGuard. In both cases, the operators of third-party apps that connected to Facebook were storing data about people in Amazon Web Services S3 buckets configured for public access, said UpGuard, a Silicon Valley-based security company known for identifying misconfigured cloud services. One database originated with Mexico-based Cultura Colectiva, while the other was stored by the makers of an app called “At the Pool.” Both had been secured by Wednesday, UpGuard said. The Cultura Cultiva is the bigger of the two exposures, including 146 gigabytes of information about comments, likes, reactions, account names, Facebook IDs and more, UpGuard said. The “At the Pool” discovery, while not nearly as large, “contains plaintext (i.e. unprotected) Facebook passwords for 22,000 users,” UpGuard said. The company appears to have ceased operation in 2014, but this “should offer little consolation to the app’s end users whose […]

The post Third-party Facebook apps left people’s data publicly exposed, researchers say appeared first on CyberScoop.

Continue reading Third-party Facebook apps left people’s data publicly exposed, researchers say